Bug#934790: atril: sometimes prints GLib error message when exiting

2019-08-16 Thread Simon McVittie
On Wed, 14 Aug 2019 at 23:42:04 +, brian m. carlson wrote:
>   (atril:308857): GLib-CRITICAL **: 23:34:21.398: g_source_set_ready_time: assertion 'source->priv != NULL' failed
> 
> This does not always occur, but occurs most of the time when invoked
> with a PDF file from the command line.

This indicates a bug in either atril or some library that it uses. It
is operating on a GSource pointer that is no longer valid, most likely
a leftover pointer to a GSource object that has already been freed. This
is undefined behaviour. If it is indeed a use-after-free, then it could
equally well be acting on some other arbitrary region of memory that
happens to have been allocated where the GSource used to be, which could
have any result, up to and including a security vulnerability.

GLib is trying to be nice to you by making an effort to detect this class
of programming error, logging a warning, and recovering as well as it can,
instead of just crashing. If you would prefer applications to crash under
such circumstances (which is often a useful way to debug what they or
their libraries are doing wrong, but is more destructive for the users
of those applications), please run them with G_DEBUG=fatal-criticals
in the environment, or use g_log_set_always_fatal() to make critical
warnings fatal.

With hindsight, GLib critical warnings should probably have been fatal
(caused an abort() or SIGTRAP) by default, like their equivalents in
libdbus and in glibc's malloc machinery, but it would be highly disruptive
to make that change globally at this stage.

> If you don't think this message is worth fixing, you can ask the glib2.0
> maintainer to compile with G_DISABLE_CHECKS to suppress this warning

This would almost certainly make atril segfault when
g_source_set_ready_time() tried to dereference the NULL source->priv
pointer of the invalid GSource that it has been given. If that's what
you want, G_DEBUG=fatal-criticals or g_log_set_always_fatal() would have
the same practical result but with more ability to diagnose what is wrong.

> or to patch GLib not to produce warnings to stderr in g_return_*_if_fail.

Please do not request this, it will not be implemented. Logging warnings
to stderr is an entirely valid response to undefined behaviour. (So
is crashing, which is what will often happen in practice when the
undefined behaviour is not straightforward to detect, like passing an
invalid pointer to a string function like g_strcmp0() or glibc strcmp();
and so is making demons fly out of your nose[1].)

smcv

[1] https://en.wikipedia.org/wiki/Undefined_behavior
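
The following is an added example, not part of Simon's message or of atril or GLib: a small shell helper for the triage described above, which runs a program with G_DEBUG=fatal-criticals and classifies how it ended, and lists the distinct function/assertion pairs in a captured stderr log. The function names run_fatal_criticals and critical_sites are hypothetical, and the signal numbers assume Linux.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from GLib or atril.

# Run "$@" with GLib critical warnings made fatal and print a verdict.
# A process killed by signal N is reported by the shell as status 128+N
# (Linux numbering assumed: SIGTRAP=5, SIGABRT=6, SIGSEGV=11).
run_fatal_criticals() {
    rc=0
    G_DEBUG=fatal-criticals "$@" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0)   echo clean ;;
        133) echo sigtrap ;;   # critical warning turned into a trap
        134) echo sigabrt ;;   # critical warning turned into abort()
        139) echo sigsegv ;;   # crashed without being caught by a check
        *)   echo "exit-$rc" ;;
    esac
}

# Read a stderr capture on stdin and print each distinct
# "function: failed assertion" pair from GLib-style CRITICAL lines.
critical_sites() {
    sed -n "s/.*-CRITICAL \*\*: [0-9:.]*: \([A-Za-z0-9_]*\): assertion '\(.*\)' failed.*/\1: \2/p" |
        sort -u
}

# Typical use (commented out so the file can be sourced safely):
#   atril file.pdf 2>&1 | critical_sites
#   run_fatal_criticals atril file.pdf
# For a backtrace at the point of failure, run under a debugger instead:
#   G_DEBUG=fatal-criticals gdb --args atril file.pdf
```

A sigtrap or sigabrt verdict means a precondition check fired; the debugger run then shows which caller passed the invalid GSource.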



Bug#934790: atril: sometimes prints GLib error message when exiting

2019-08-14 Thread brian m. carlson
Package: atril
Version: 1.22.1-1
Severity: minor

When running atril from the command line, it sometimes prints the
following error message when it exits:

  (atril:308857): GLib-CRITICAL **: 23:34:21.398: g_source_set_ready_time: assertion 'source->priv != NULL' failed

This does not always occur, but occurs most of the time when invoked
with a PDF file from the command line.

If you don't think this message is worth fixing, you can ask the glib2.0
maintainer to compile with G_DISABLE_CHECKS to suppress this warning, or
to patch GLib not to produce warnings to stderr in g_return_*_if_fail.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages atril depends on:
ii  atril-common                                 1.22.1-1
ii  dconf-gsettings-backend [gsettings-backend]  0.30.1-2
ii  libatk1.0-0                                  2.32.0-2
ii  libatrildocument3                            1.22.1-1
ii  libatrilview3                                1.22.1-1
ii  libc6                                        2.28-10
ii  libcairo-gobject2                            1.16.0-4
ii  libcairo2                                    1.16.0-4
ii  libcaja-extension1                           1.22.1-1
ii  libgail-3-0                                  3.24.10-1
ii  libgdk-pixbuf2.0-0                           2.38.1+dfsg-1
ii  libglib2.0-0                                 2.60.6-2
ii  libgtk-3-0                                   3.24.10-1
ii  libice6                                      2:1.0.9-2
ii  libjavascriptcoregtk-4.0-18                  2.24.3-1
ii  libpango-1.0-0                               1.42.4-7
ii  libpangocairo-1.0-0                          1.42.4-7
ii  libsecret-1-0                                0.18.7-1
ii  libsm6                                       2:1.2.3-1
ii  libsoup2.4-1                                 2.64.2-2
ii  libwebkit2gtk-4.0-37                         2.24.3-1
ii  libx11-6                                     2:1.6.7-1
ii  libxml2                                      2.9.4+dfsg1-7+b3
ii  shared-mime-info                             1.10-1
ii  zlib1g                                       1:1.2.11.dfsg-1+b1

Versions of packages atril recommends:
ii  dbus-user-session [default-dbus-session-bus]  1.12.16-1
ii  dbus-x11 [dbus-session-bus]   1.12.16-1
ii  gvfs  1.38.1-5

Versions of packages atril suggests:
ii  caja  1.22.1-1
ii  poppler-data  0.4.9-2
pn  unrar 

-- no debconf information

-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204

