gtk4-rs icon indicating copy to clipboard operation
gtk4-rs copied to clipboard

Published 20 hours ago verified publisher icon gtk-rs

[BUG] ` gtk4::PageSetupUnixDialog.set_page_setup` cause crash

Open qarmin opened this issue 3 years ago • 1 comments 

System:    Host: rafalkom Kernel: 5.13.0-28-generic x86_64 bits: 64 compiler: gcc v: 11.2.0 Desktop: GNOME 40.5 
           tk: GTK 3.24.30 wm: gnome-shell dm: GDM3 Distro: Ubuntu 21.10 (Impish Indri) 

RUST_BACKTRACE=full RUSTFLAGS=-Zsanitizer=address RUSTDOCFLAGS=-Zsanitizer=address cargo run  -Zbuild-std --target x86_64-unknown-linux-gnu

Bug description

let thing = PageSetupUnixDialog::default(); // PageSetupUnixDialog
thing.init_template();
thing.set_page_setup(&PageSetup::new());

cause crash:

(crash_thing:26612): GLib-GIO-CRITICAL **: 08:55:47.567: g_list_model_get_n_items: assertion 'G_IS_LIST_MODEL (list)' failed

(crash_thing:26612): GLib-GIO-CRITICAL **: 08:55:47.567: g_list_model_get_n_items: assertion 'G_IS_LIST_MODEL (list)' failed
AddressSanitizer:DEADLYSIGNAL
=================================================================
==26612==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x7f9ce8559c64 bp 0x00000000000c sp 0x7ffd95163b18 T0)
==26612==The signal is caused by a READ memory access.
==26612==Hint: address points to the zero page.
    #0 0x7f9ce8559c64  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x15cc64)
    #1 0x7f9ce877f1a0  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x3821a0)
    #2 0x7f9ce800c624  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x12624)
    #3 0x7f9ce802b96f  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x3196f)
    #4 0x7f9ce802bad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #5 0x7f9ce86e8bdf  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x2ebbdf)
    #6 0x7f9ce86ee377  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x2f1377)
    #7 0x7f9ce85b6cbf  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x1b9cbf)
    #8 0x7f9ce85b6e8e  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x1b9e8e)
    #9 0x7f9ce800dc0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #10 0x7f9ce8029ea5  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fea5)
    #11 0x7f9ce802b883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #12 0x7f9ce802bad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #13 0x7f9ce8635940  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x238940)
    #14 0x7f9ce800dc0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #15 0x7f9ce8029ea5  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fea5)
    #16 0x7f9ce802b883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #17 0x7f9ce802bad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #18 0x7f9ce800dc0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #19 0x7f9ce8029ea5  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fea5)
    #20 0x7f9ce802b883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #21 0x7f9ce802bad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #22 0x7f9ce800dc0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #23 0x7f9ce8029ea5  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fea5)
    #24 0x7f9ce802b883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #25 0x7f9ce802bad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #26 0x7f9ce8784922  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x387922)
    #27 0x7f9ce8785120  (/lib/x86_64-linux-gnu/libgtk-4.so.1+0x388120)
    #28 0x55c753cb7fa5  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x35efa5)
    #29 0x55c753c8691f  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32d91f)
    #30 0x55c753c80487  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x327487)
    #31 0x55c753c7fa6a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x326a6a)
    #32 0x7f9ce800dc0e  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x13c0e)
    #33 0x7f9ce8029ea5  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x2fea5)
    #34 0x7f9ce802b883  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31883)
    #35 0x7f9ce802bad2  (/lib/x86_64-linux-gnu/libgobject-2.0.so.0+0x31ad2)
    #36 0x7f9ce81309d7  (/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xdb9d7)
    #37 0x7f9ce8130bb5  (/lib/x86_64-linux-gnu/libgio-2.0.so.0+0xdbbb5)
    #38 0x55c753c80ee8  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x327ee8)
    #39 0x55c753c808d7  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x3278d7)
    #40 0x55c753c86406  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32d406)
    #41 0x55c753c884ca  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32f4ca)
    #42 0x55c753c85744  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32c744)
    #43 0x55c753c81af3  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x328af3)
    #44 0x55c75449b96d  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb4296d)
    #45 0x55c7544a9a5e  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb50a5e)
    #46 0x55c7544b2c0a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb59c0a)
    #47 0x55c7544a7d02  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb4ed02)
    #48 0x55c75425a019  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x901019)
    #49 0x55c7542f708b  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x99e08b)
    #50 0x55c7544a985d  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb5085d)
    #51 0x55c7544b2c0a  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb59c0a)
    #52 0x55c7544a89fb  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0xb4f9fb)
    #53 0x55c75425a339  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x901339)
    #54 0x55c7542f69d9  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x99d9d9)
    #55 0x55c753c81a55  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x328a55)
    #56 0x55c753c86bbb  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x32dbbb)
    #57 0x7f9ce7bc9fcf  (/lib/x86_64-linux-gnu/libc.so.6+0x2dfcf)
    #58 0x7f9ce7bca07c  (/lib/x86_64-linux-gnu/libc.so.6+0x2e07c)
    #59 0x55c753bed1e4  (/home/rafal/Desktop/Untitled Folder/Project/target/x86_64-unknown-linux-gnu/debug/crash_thing+0x2941e4)

Issue found by fuzzer - https://github.com/qarmin/gtk-rs-fuzzer

qarmin avatar Feb 13 '22 07:02 qarmin

Similar crash with thing.set_embed_page_setup(true);

qarmin avatar Feb 13 '22 08:02 qarmin