Comment 8 for bug 1385624

Václav Haisman (vzeman79) wrote :

This bit of code is from _gtk_menu_tracker_item_new():

513 self->action_and_target = gtk_print_action_and_target (action_namespace, action_name, target);
514
515 if (target)
516 g_variant_unref (target);
517
518 action_name = strrchr (self->action_and_target, '|') + 1;

If we examine gtk_print_action_and_target(), we can see this:

890 g_return_val_if_fail (strchr (action_name, '|') == NULL, NULL);
891 g_return_val_if_fail (action_namespace == NULL || strchr (action_namespace, '|') == NULL, NULL);

On line 891 is where our problems start. This is from my GDB session:

(gdb) p action_name
$2 = (const gchar *) 0x7f0a1e18a9e8 "src.mailbox:///home/wilx/.thunderbird/2de4mlx2.default/Mail/Feeds/Standard%20C++%20|%20Articles%20&%20Books"
(gdb) p action_namespace
$3 = (const gchar *) 0x7f0a1e17e970 "indicator.thunderbird"

Notice that action_namespace does not contain a '|' character. The function fails and returns NULL, which is stored into self->action_and_target without checking for failure, and the code subsequently dies on line 518 in _gtk_menu_tracker_item_new().

Conclusion:

1. _gtk_menu_tracker_item_new() should check for failure of gtk_print_action_and_target().
2. Somebody somewhere should send action namespace in the expected format.
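
The unchecked-NULL pattern analysed in the comment above, as an added stand-alone example (not part of the original comment and not GTK's code). The functions print_action_and_target() and build_action() are hypothetical stand-ins, the "target|namespace.name" layout is an assumption, and the action name is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for gtk_print_action_and_target() (not GTK's code). It refuses,
 * returning NULL, when a part contains '|', like the two checks quoted above.
 * Assumed layout of the result: "target|namespace.name", heap-allocated. */
static char *print_action_and_target(const char *ns, const char *name,
                                     const char *target)
{
    if (name == NULL || strchr(name, '|') != NULL)
        return NULL;
    if (ns != NULL && strchr(ns, '|') != NULL)
        return NULL;
    if (target == NULL)
        target = "";
    size_t len = strlen(target) + 1 + (ns ? strlen(ns) + 1 : 0)
               + strlen(name) + 1;
    char *out = malloc(len);
    if (out != NULL)
        snprintf(out, len, "%s|%s%s%s", target, ns ? ns : "",
                 ns ? "." : "", name);
    return out;
}

/* Checked caller. Returns 0 and sets *full (caller frees) and *qualified
 * (points into *full, after the last '|'); returns -1 on refusal.
 * Without the NULL test, strrchr(NULL, '|') is the crash at line 518. */
static int build_action(const char *ns, const char *name, const char *target,
                        char **full, const char **qualified)
{
    *qualified = NULL;
    *full = print_action_and_target(ns, name, target);
    if (*full == NULL)
        return -1;
    *qualified = strrchr(*full, '|') + 1;  /* safe: '|' is always written */
    return 0;
}

int main(void)
{
    char *full;
    const char *q;
    /* Constructed action name containing '|', as in the GDB session. */
    int rc = build_action("indicator.thunderbird", "src.feeds/A%20|%20B",
                          NULL, &full, &q);
    printf("rc=%d (rejected, no crash)\n", rc);
    return 0;
}
```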