In all repositories there is a buffer-overrun in the function gtk_rc_add_default_file(), where if the dynamic array gtk_rc_default_files has exactly max_default_files entries, a NULL will be written past the allocated memory. The resize function does not resize the null terminated array in this case, and address sanitizer (and valgrind) detects a memory access violation in any code leading to this function.
The following code is in error (from https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/gtk+2.0/precise-proposed/view/head:/gtk/gtkrc.c#L596 )
{{{
  /* find the first free slot, i.e. the NULL terminator */
  for (n = 0; n < max_default_files; n++)
    {
      if (gtk_rc_default_files[n] == NULL)
        break;
    }
  /* only grows when no NULL was found at all; when the terminator sits in
     the last slot (n == max_default_files - 1) the array is not resized */
  if (n == max_default_files)
    {
      max_default_files += 10;
      gtk_rc_default_files = g_renew (gchar*, gtk_rc_default_files, max_default_files);
    }
  gtk_rc_default_files[n++] = g_strdup (filename);
  gtk_rc_default_files[n] = NULL;   /* with n == max_default_files this write is one past the end */
}}}
Proposed modified implementation is as follows:
{{{
  /* reserve the last slot for the terminator: search at most max_default_files - 1 entries */
  for (n = 0; n < (max_default_files-1); n++)
    {
      if (gtk_rc_default_files[n] == NULL)
        break;
    }
  /* grow as soon as the terminator would have to move into the last slot */
  if (n >= (max_default_files-1))
    {
      max_default_files += 10;
      gtk_rc_default_files = g_renew (gchar*, gtk_rc_default_files, max_default_files);
    }
  gtk_rc_default_files[n++] = g_strdup (filename);
  gtk_rc_default_files[n] = NULL;   /* n <= max_default_files - 1 here, so the terminator stays in bounds */
}}}
This implementation should be changed in all branches:
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/gtk+2.0/trusty/view/head:/gtk/gtkrc.c#L569
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/gtk+2.0/trusty-updates/view/head:/gtk/gtkrc.c#L569
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/gtk+2.0/trusty-proposed/view/head:/gtk/gtkrc.c#L569
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/gtk+2.0/precise/view/head:/gtk/gtkrc.c#L590
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/gtk+2.0/precise-updates/view/head:/gtk/gtkrc.c#L596
https://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/gtk+2.0/precise-proposed/view/head:/gtk/gtkrc.c#L596
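As an added example (not code from this report or from GTK): a small C model of the append logic above with the original and the proposed grow tests side by side; a bounds check stands in for the out-of-bounds write so the original variant can be exercised without corrupting the heap. `FileList`, `add_default_file`, `appends_before_overrun` and the file names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gtk_rc_default_files / max_default_files: a NULL-terminated
 * array of strings plus its allocated length (hypothetical names). */
typedef struct { char **files; int capacity; } FileList;
static void list_init(FileList *l) {
    l->capacity = 10;                       /* gtkrc.c starts with 10 slots, files[0] = NULL */
    l->files = calloc((size_t)l->capacity, sizeof(char *));
}
static void list_free(FileList *l) {
    for (int i = 0; l->files[i] != NULL; i++) free(l->files[i]);
    free(l->files);
}
/* Append `filename`. fixed == 0 uses the grow test from the original code,
 * fixed == 1 the proposed one. Instead of performing the out-of-bounds write,
 * return -1 when the entry or the terminator would land at or past `capacity`. */
static int add_default_file(FileList *l, const char *filename, int fixed) {
    int limit = fixed ? l->capacity - 1 : l->capacity;
    int n;
    for (n = 0; n < limit; n++)             /* find the terminator slot */
        if (l->files[n] == NULL) break;
    if (n >= limit) {                       /* grow by 10, as gtkrc.c does */
        l->capacity += 10;
        l->files = realloc(l->files, (size_t)l->capacity * sizeof(char *));
    }
    if (n + 1 >= l->capacity) return -1;    /* original logic reaches this when n == capacity - 1 */
    l->files[n++] = strdup(filename);
    l->files[n] = NULL;
    return 0;
}
/* Append constructed names until the bounds check fires; returns how many succeeded. */
static int appends_before_overrun(int fixed, int attempts) {
    FileList l; char name[32]; int added = 0;
    list_init(&l);
    for (int i = 0; i < attempts; i++) {
        snprintf(name, sizeof name, "/tmp/gtkrc-%d", i);   /* constructed sample input */
        if (add_default_file(&l, name, fixed) != 0) break;
        added++;
    }
    list_free(&l);
    return added;
}
int main(void) {
    printf("original: %d appends before the terminator goes out of bounds\n", appends_before_overrun(0, 25));
    printf("proposed: %d appends, terminator always in bounds\n", appends_before_overrun(1, 25));
    return 0;
}
```

With a capacity of 10 the original test fails on the tenth append (nine entries plus the terminator fill the array, so the terminator is written to index 10), while the proposed test grows the array one append earlier.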
Thank you for your bug report; that looks like an upstream issue and should be reported on https://gitlab.gnome.org/GNOME/gtk/issues