libgrip

evince/eog crash when using untrusted X11

Bug #1276333 reported by Martin Uecker on 2014-02-04

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
libgrip	Fix Released	High	Stephen M. Webb	libgrip 0.3.8
geis (Ubuntu)	New	Undecided	Unassigned
libgrip (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

evince/eog crash when using untrusted X11 connection (ssh -X with ForwardX11Trusted no) .

Somehow geis->backend ends up being NULL in this case, and it crashes in geis_backend_create_token which is called with a NULL argument from geis_backend_token_new (geis.c). I am not sure how this should be handled, but adding a test at the top of geis_backend_token_new fixes the problem:

if (!geis->backend)
return NULL;

This causes then a crash later in libgrip in the function 'processed_mapped_window_request' (gripgesturemanager.c), because it calls geis_filter_add_term with a NULL filter. This may be fixed with a test after 'geis_filter_new':

GeisFilter window_filter = geis_filter_new(priv->geis, filter_id);

if (NULL == window_filter)
return;

Not sure if there are better ways, but this seems to fix it for me.

Related branches

lp:~bregma/libgrip/lp-1276333

Merged into lp:libgrip at revision 90

PS Jenkins bot (community): Approve (continuous-integration) on 2014-02-25

Brandon Schaefer (community): Approve on 2014-02-25

lp:ubuntu/trusty-proposed/libgrip

lp:~oif-packaging/libgrip/debian

lp:debian/libgrip

Stephen M. Webb (bregma) on 2014-02-05

Changed in libgrip:
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → Stephen M. Webb (bregma)

Stephen M. Webb (bregma) on 2014-02-05

Changed in libgrip:
milestone:	none → 0.3.8

Revision history for this message

Martin Uecker (muecker) wrote on 2014-02-13:

Thank you for fixing this in libgrip. Could you also apply the necessary change to geis?

Stephen M. Webb (bregma) on 2014-02-21

Changed in libgrip:
status:	Triaged → In Progress

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2014-02-25:

Fix committed into lp:libgrip at revision 90, scheduled for release in libgrip, milestone 0.3.8

Changed in libgrip:
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-03-03:

This bug was fixed in the package libgrip - 0.3.7+14.04.20140303-0ubuntu1

---------------
libgrip (0.3.7+14.04.20140303-0ubuntu1) trusty; urgency=low

  [ Stephen M. Webb ]
  * Replace use of deprecated GTK+-3.0 function in example code. (LP:
    #1266597)
  * fix some Lintian packaging complaints.
  * p revent the Geis object from being used until it has been
    successfully initialized (lp: #1276333). (LP: #1276333)
  * debian/control: bump Standards-Version to 3.9.5 (no changes)
-- Ubuntu daily release <email address hidden> Mon, 03 Mar 2014 20:07:30 +0000

Changed in libgrip (Ubuntu):
status:	New → Fix Released

Stephen M. Webb (bregma) on 2014-06-24

Changed in libgrip:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1266144

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.