
[BUG] `gtk4::Snapshot.to_node` causes crash

Open qarmin opened this issue 3 years ago • 5 comments

System:    Host: rafalkom Kernel: 5.13.0-28-generic x86_64 bits: 64 compiler: gcc v: 11.2.0 Desktop: GNOME 40.5 
           tk: GTK 3.24.30 wm: gnome-shell dm: GDM3 Distro: Ubuntu 21.10 (Impish Indri) 
RUST_BACKTRACE=full RUSTFLAGS=-Zsanitizer=address RUSTDOCFLAGS=-Zsanitizer=address cargo run  -Zbuild-std --target x86_64-unknown-linux-gnu

Bug description

    let thing = Snapshot::default(); // Snapshot
    thing.to_node();
    thing.to_node();

causes a crash:

    **
    Gtk:ERROR:../../../gtk/gtksnapshot.c:237:gtk_snapshot_get_current_state: assertion failed: (size > 0)
    Bail out! Gtk:ERROR:../../../gtk/gtksnapshot.c:237:gtk_snapshot_get_current_state: assertion failed: (size > 0)
    Aborted (core dumped)

Issue found by fuzzer - https://github.com/qarmin/gtk-rs-fuzzer

qarmin, Feb 11 '22 16:02

to_node consumes the snapshot normally, I don't think there is anything actionable here. cc @sdroege ?

bilelmoussaoui, Feb 11 '22 16:02

I guess the assertion in C could be a bit more descriptive, or to_node() could simply return NULL on the second call.

sdroege, Feb 11 '22 17:02

Well, the message shared here seems to be wrong, it is a copy-paste of another issue opened lately. @qarmin mind updating that?

bilelmoussaoui, Feb 11 '22 17:02

Yup, my bad. Updated assertion message.

qarmin, Feb 11 '22 17:02

Not much more descriptive but better at least :) Your call if you want to improve the error handling in C. It will never work, but maybe it can explode more nicely.

sdroege, Feb 11 '22 17:02
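
The "return nothing on the second call" idea from this thread, next to a by-value variant that goes one step further and rejects the second call at compile time. This is an added example, not gtk4-rs or GTK code: `CheckedSnapshot`, `OwnedSnapshot`, `Node` and the state-stack layout are hypothetical stand-ins using only the standard library.

```rust
// Simplified stand-in for a consume-once builder; all names are hypothetical
// and none of this is GTK or gtk4-rs code.

#[derive(Debug, PartialEq)]
pub struct Node(pub Vec<&'static str>);

/// Variant 1: `&mut self` API that reports reuse instead of aborting.
pub struct CheckedSnapshot {
    // One entry per open state; emptied once the snapshot has been finished.
    states: Vec<Vec<&'static str>>,
}

impl CheckedSnapshot {
    pub fn new() -> Self { Self { states: vec![Vec::new()] } }

    pub fn append(&mut self, op: &'static str) -> Result<(), &'static str> {
        // An empty stack means "already consumed": return an error, do not assert.
        let current = self.states.last_mut().ok_or("snapshot already consumed")?;
        current.push(op);
        Ok(())
    }

    /// The first call yields the node; every later call yields `None`.
    pub fn to_node(&mut self) -> Option<Node> {
        if self.states.is_empty() {
            return None;
        }
        let ops: Vec<&'static str> = self.states.drain(..).flatten().collect();
        Some(Node(ops))
    }
}

/// Variant 2: taking `self` by value turns a second call into a compile error.
pub struct OwnedSnapshot { ops: Vec<&'static str> }

impl OwnedSnapshot {
    pub fn new() -> Self { Self { ops: Vec::new() } }
    pub fn append(mut self, op: &'static str) -> Self { self.ops.push(op); self }
    pub fn to_node(self) -> Node { Node(self.ops) }
}

fn main() {
    let mut s = CheckedSnapshot::new();
    s.append("color").unwrap();
    println!("{:?}", s.to_node()); // first call: the node
    println!("{:?}", s.to_node()); // second call: None, no abort
    let o = OwnedSnapshot::new().append("color");
    println!("{:?}", o.to_node());
    // o.to_node(); // rejected by the compiler: use of moved value `o`
}
```
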