Customize shortcuts extension crashes when closed with escape key

Bug #933082 reported by gue5t gue5t
This bug affects 1 person
Affects: Midori Web Browser
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

To reproduce: enable the customize shortcuts extension, open it, and then hit the escape key. Midori will crash.

The attached patch fixes this crash.

gue5t gue5t (gue5t) wrote :
Cris Dywan (kalikiana) wrote :

The patch isn't correct: the variable must be unset if the window is destroyed. Otherwise shortcuts_menu_configure_shortcuts_activate_cb will return an invalid pointer.

gue5t gue5t (gue5t) wrote :

There are two times in shortcuts.c that the function call "g_signal_connect (dialog, "destroy", G_CALLBACK (gtk_widget_destroyed), &dialog);" occurs. On line 270, dialog is a static variable, and is kept around between calls to shortcuts_menu_configure_shortcuts_activate_cb so that that function can create a new dialog if the old one is destroyed. However, in the context of the other call that connects gtk_widget_destroyed (the one this patch removes, on line 183), dialog is a regular variable on the stack (declared on line 154) and it's not even possible to alter its value meaningfully with the callback; all uses of dialog occur before the widget could possibly be destroyed, so when the gtk_widget_destroyed runs, the address it was passed is now some other data on the stack. That's why it was crashing.
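
The two cases described in the comment above, as an added example that is not part of the original thread and is not Midori's code. The toy `Widget` type, `build_dialog`, `activate_cb` and `dialogs_built` are hypothetical stand-ins; only the contract of `gtk_widget_destroyed` (set the registered pointer to NULL) is taken from GTK.

```c
#include <stdlib.h>

/* Toy widget with a single "destroy" handler; stands in for GtkWidget (constructed model). */
typedef struct Widget Widget;
typedef void (*DestroyCb)(Widget *w, void *data);
struct Widget { DestroyCb on_destroy; void *data; };
static int dialogs_built = 0;            /* how many dialogs were actually constructed */

static void widget_connect_destroy(Widget *w, DestroyCb cb, void *data) {
    w->on_destroy = cb;
    w->data = data;                      /* address is stored now, dereferenced much later */
}

static void widget_destroy(Widget *w) {
    if (w->on_destroy) w->on_destroy(w, w->data);
    free(w);
}

/* Same contract as gtk_widget_destroyed(): NULL the pointer whose address was registered. */
static void widget_destroyed(Widget *w, void *data) {
    (void)w;
    *(Widget **)data = NULL;
}

/* Stack case: `dialog` stops existing when this function returns, so its address
 * must not be given to a handler that fires later (that write hits a dead frame). */
static Widget *build_dialog(void) {
    Widget *dialog = calloc(1, sizeof *dialog);
    /* Crashing form: widget_connect_destroy(dialog, widget_destroyed, &dialog); */
    if (dialog != NULL) dialogs_built++;
    return dialog;
}

/* Static case: the slot outlives every call, so &dialog is still valid when the
 * handler fires, and the NULL it writes makes the next call build a new dialog. */
static Widget *activate_cb(void) {
    static Widget *dialog = NULL;
    if (dialog == NULL) {
        dialog = build_dialog();
        if (dialog != NULL)
            widget_connect_destroy(dialog, widget_destroyed, &dialog);
    }
    return dialog;
}

int main(void) {
    Widget *d = activate_cb();           /* first activation builds the dialog */
    if (d != NULL) widget_destroy(d);    /* handler resets the static slot to NULL */
    return 0;
}
```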

Cris Dywan (kalikiana) wrote :

Thanks a lot for your explanation, you are fully correct. The callback there is completely wrong.

Changed in midori:
status: New → Fix Committed
Cris Dywan (kalikiana)
Changed in midori:
status: Fix Committed → Fix Released