Ubuntu
compiz package

window manager crash with extremely long window name

Bug #793291 reported by Emanuel Bronshtein on 2011-06-05

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Compiz	Confirmed	Low	compiz-bugs #38
	compiz (Ubuntu)	Triaged	Low	Unassigned

Bug Description

Binary package hint: nautilus

displaying extremely long error causes the window manager to crash.

test case:
emanuel@emanuel-desktop:~$ nautilus `python -c "print 'A'*100000"`

Revision history for this message

Brendan Donegan (brendan-donegan) wrote on 2011-06-09:

It does seem like the window that is created with the long title proceeds to crash, so setting this to confirmed. However this is a real corner case (unless you can show some more common scenario in which the title might be very long), so it should be set to Low Importance.

---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Changed in nautilus (Ubuntu):
status:	New → Confirmed

Revision history for this message

RedSingularity (redsingularity) wrote on 2011-06-09:

Setting to low as requested by Brendan.
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Changed in nautilus (Ubuntu):
importance:	Undecided → Low

C de-Avillez (hggdh2) on 2011-06-09

summary:

- DoS window manager with extremely long error
+ window manager crash with extremely long window name

Revision history for this message

Brendan Donegan (brendan-donegan) wrote on 2011-06-09:

Some more info on this one -

It seems the 'character limit' (though my feeling is the bug is based on the window width rather than characters) is about 1000. With compiz the behaviour is that the window closes and the area where the window would have been becomes corrupted in some way (if you move other things in there then blurring takes places).

---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

affects:

nautilus (Ubuntu) → compiz (Ubuntu)

Revision history for this message

In Compiz Bug Tracker #38, Brendan Donegan (brendan-donegan) wrote on 2011-06-09:

Created attachment 22
screenshot of corrupted area

Causing a very wide window to be created using (for example) the following command:

> nautilus `python -c "print 'A' * 1000"`

(creates an error window with a line of 1000 A's) - very wide)

will lead to:

a.) The window 'crashing' (window disappears)
b.) The area where the window was to become 'corrupt', in this case meaning that other windows which are dragged through this area leave a trail there (screenshot attached)

This happens on Ubuntu 11.04 for me specifically.

Compiz 0.9.4.0

Revision history for this message

In Compiz Bug Tracker #38, Brendan Donegan (brendan-donegan) wrote on 2011-06-09:

Created attachment 23
X session errors

Revision history for this message

Brendan Donegan (brendan-donegan) wrote on 2011-06-20:

I thought I added the upstream bug a while ago but obviously didn't

Changed in compiz:
importance:	Undecided → Unknown
status:	New → Unknown

Bug Watch Updater (bug-watch-updater) on 2011-06-20

Changed in compiz:
importance:	Unknown → Low
status:	Unknown → Confirmed

Revision history for this message

Robert Roth (evfool) wrote on 2011-06-23:

Setting as Triaged as we have a valid upstream bug report.

Changed in compiz (Ubuntu):
status:	Confirmed → Triaged

Revision history for this message

Robert Roth (evfool) wrote on 2011-12-25:

Somehow the character limit to reproduce this bug seems to vary: with 795 chars the dialog still opens, but with 796 I get the corruption, and above 1000 the corruption is not displayed anymore.

Revision history for this message

Robert Roth (evfool) wrote on 2011-12-25:

More precisely, I get the corruption if using any number between 796 and 808 inclusive. Below 796 everything works fine, above 808 nothing is displayed, and no corruption visible.