evince/eog crash when using untrusted X11

Bug #1276333 reported by Martin Uecker on 2014-02-04
Affects            Importance  Assigned to
libgrip            High        Stephen M. Webb
geis (Ubuntu)      Undecided   Unassigned
libgrip (Ubuntu)   Undecided   Unassigned

Bug Description

evince/eog crash when using untrusted X11 connection (ssh -X with ForwardX11Trusted no).

Somehow geis->backend ends up being NULL in this case, and it crashes in geis_backend_create_token which is called with a NULL argument from geis_backend_token_new (geis.c). I am not sure how this should be handled, but adding a test at the top of geis_backend_token_new fixes the problem:

  if (!geis->backend)
    return NULL;

This then causes a crash later in libgrip in the function 'processed_mapped_window_request' (gripgesturemanager.c), because it calls geis_filter_add_term with a NULL filter. This may be fixed with a test after 'geis_filter_new':

  GeisFilter window_filter = geis_filter_new(priv->geis, filter_id);

  if (NULL == window_filter)
    return;

Not sure if there are better ways, but this seems to fix it for me.
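
The failure chain from the report above, modelled as an added example (not code from the report, geis or libgrip): a handle whose backend is NULL, a constructor guard that returns NULL, and a caller check that skips gesture setup instead of dereferencing. All types and `demo_*` names are simplified assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumptions), not the real geis/libgrip types. */
typedef struct { int id; } Backend;
typedef struct { Backend *backend; } Geis;   /* backend may be NULL */
typedef struct { int terms; } Filter;

/* Models the reported state: object exists, backend NULL if setup failed. */
static Geis *demo_geis_new(int backend_ok) {
    Geis *g = calloc(1, sizeof *g);
    if (g && backend_ok)
        g->backend = calloc(1, sizeof *g->backend);
    return g;
}

static void demo_geis_free(Geis *g) { if (g) { free(g->backend); free(g); } }

/* First guard (library side): no backend means no filter, not a crash. */
static Filter *demo_filter_new(Geis *g) {
    if (g == NULL || g->backend == NULL)
        return NULL;
    return calloc(1, sizeof(Filter));
}

/* Library entry points also reject a NULL handle themselves. */
static int demo_filter_add_term(Filter *f) {
    if (f == NULL)
        return -1;
    f->terms++;
    return 0;
}

/* Second guard (caller side): 0 = gestures set up, -1 = skipped. */
static int demo_map_window(Geis *g) {
    Filter *f = demo_filter_new(g);
    if (f == NULL)
        return -1;               /* degrade to no gesture support */
    int rc = demo_filter_add_term(f);
    free(f);
    return rc;
}

int main(void) {
    Geis *bad = demo_geis_new(0), *ok = demo_geis_new(1);
    printf("no backend: %d, backend: %d\n", demo_map_window(bad), demo_map_window(ok));
    demo_geis_free(bad); demo_geis_free(ok);
    return 0;
}
```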


Stephen M. Webb (bregma) on 2014-02-05
Changed in libgrip:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Stephen M. Webb (bregma)
Stephen M. Webb (bregma) on 2014-02-05
Changed in libgrip:
milestone: none → 0.3.8
Martin Uecker (muecker) wrote :

Thank you for fixing this in libgrip. Could you also apply the necessary change to geis?

Stephen M. Webb (bregma) on 2014-02-21
Changed in libgrip:
status: Triaged → In Progress
PS Jenkins bot (ps-jenkins) wrote :

Fix committed into lp:libgrip at revision 90, scheduled for release in libgrip, milestone 0.3.8

Changed in libgrip:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libgrip - 0.3.7+14.04.20140303-0ubuntu1

---------------
libgrip (0.3.7+14.04.20140303-0ubuntu1) trusty; urgency=low

  [ Stephen M. Webb ]
  * Replace use of deprecated GTK+-3.0 function in example code. (LP:
    #1266597)
  * fix some Lintian packaging complaints.
  * prevent the Geis object from being used until it has been
    successfully initialized (lp: #1276333). (LP: #1276333)
  * debian/control: bump Standards-Version to 3.9.5 (no changes)
 -- Ubuntu daily release <email address hidden> Mon, 03 Mar 2014 20:07:30 +0000

Changed in libgrip (Ubuntu):
status: New → Fix Released
Stephen M. Webb (bregma) on 2014-06-24
Changed in libgrip:
status: Fix Committed → Fix Released