From 69b272317004cd5065c23ad436bea9a9abf18aa3 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Fri, 10 Jun 2011 21:43:52 +0200
Subject: [PATCH] guard against crash due to quitting while DND is processed
 (#711952)

---
 gimp-2.6.11-shell-dnd-quit-crash.patch | 83 ++++++++++++++++++++++++++
 gimp.spec                              | 14 ++++-
 2 files changed, 94 insertions(+), 3 deletions(-)
 create mode 100644 gimp-2.6.11-shell-dnd-quit-crash.patch

diff --git a/gimp-2.6.11-shell-dnd-quit-crash.patch b/gimp-2.6.11-shell-dnd-quit-crash.patch
new file mode 100644
index 0000000..feddf0a
--- /dev/null
+++ b/gimp-2.6.11-shell-dnd-quit-crash.patch
@@ -0,0 +1,83 @@
+From dcb8cc2ce47a59d6e8c2272755f0b8c00e391fe0 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils@redhat.com>
+Date: Fri, 10 Jun 2011 21:36:23 +0200
+Subject: [PATCH] patch: shell-dnd-quit-crash
+
+Squashed commit of the following:
+
+commit 3028f226d577cdf4fc2b01b53beeb1edd8b69a8b
+Author: Nils Philippsen <nils@redhat.com>
+Date:   Fri Jun 10 18:06:02 2011 +0200
+
+    app: guard against crash due to quitting while DND is processed
+
+    In gimp_display_shell_drop_uri_list(), shell->display is dereferenced in
+    some places without checking that it's still there. It can be set to
+    NULL if the user quits the application while a drag and drop action is
+    being processed and the main loop is iterated during execution of this
+    function. (Bug #652280)
+    (cherry picked from commit b1a2c736bf7e6c75ca1af4b4c3330172dddb269e)
+
+    Conflicts:
+
+    	app/display/gimpdisplayshell-dnd.c
+---
+ app/display/gimpdisplayshell-dnd.c |   25 ++++++++++++++++++++++---
+ 1 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/app/display/gimpdisplayshell-dnd.c b/app/display/gimpdisplayshell-dnd.c
+index 8d210a8..1e67fda 100644
+--- a/app/display/gimpdisplayshell-dnd.c
++++ b/app/display/gimpdisplayshell-dnd.c
+@@ -458,11 +458,21 @@ gimp_display_shell_drop_uri_list (GtkWidget *widget,
+                                   gpointer   data)
+ {
+   GimpDisplayShell *shell   = GIMP_DISPLAY_SHELL (data);
+-  GimpImage        *image   = shell->display->image;
+-  GimpContext      *context = gimp_get_user_context (shell->display->gimp);
++  GimpImage        *image;
++  GimpContext      *context;
+   GList            *list;
+   gboolean          open_as_layers;
+ 
++  /* If the app is already being torn down, shell->display might be NULL here.
++   * Play it safe. */
++  if (! shell->display)
++    {
++      return;
++    }
++
++  image = shell->display->image;
++  context = gimp_get_user_context (shell->display->gimp);
++
+   GIMP_LOG (DND, NULL);
+ 
+   open_as_layers = (shell->display->image != NULL);
+@@ -474,6 +484,12 @@ gimp_display_shell_drop_uri_list (GtkWidget *widget,
+       GError            *error = NULL;
+       gboolean           warn  = FALSE;
+ 
++      if (! shell->display)
++        {
++          /* It seems as if GIMP is being torn down for quitting. Bail out. */
++          return;
++        }
++
+       if (open_as_layers)
+         {
+           GList *new_layers;
+@@ -528,7 +544,10 @@ gimp_display_shell_drop_uri_list (GtkWidget *widget,
+             warn = TRUE;
+         }
+ 
+-      if (warn)
++      /* Something above might have run a few rounds of the main loop. Check
++       * that shell->display is still there, otherwise ignore this as the app
++       * is being torn down for quitting. */
++      if (warn && shell->display)
+         {
+           gchar *filename = file_utils_uri_display_name (uri);
+ 
+-- 
+1.7.5.2
+
diff --git a/gimp.spec b/gimp.spec
index b9779ef..9c05d75 100644
--- a/gimp.spec
+++ b/gimp.spec
@@ -36,7 +36,7 @@ Summary:        GNU Image Manipulation Program
 Name:           gimp
 Epoch:          2
 Version:        2.6.11
-Release:        15%{?dist}
+Release:        16%{?dist}
 %define binver 2.6
 %define gimp_lang_ver 20
 %define interfacever 2.0
@@ -148,8 +148,12 @@ Patch8:         gimp-2.6.11-psp-overflow.patch
 # backport: CVE-2010-4540, CVE-2010-4541, CVE-2010-4542
 # fix buffer overflows in sphere-designer, gfig, lighting plugins
 Patch9:         gimp-2.6.11-CVE-2010-4540,4541,4542.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=711952
+# https://bugzilla.gnome.org/show_bug.cgi?id=652280
+# guard against crash due to quitting while DND is processed, upstreamed
+Patch10:        gimp-2.6.11-shell-dnd-quit-crash.patch
 # files changed by autoreconf after applying the above
-Patch10:        gimp-2.6.11-11-autoreconf.patch.bz2
+Patch100:       gimp-2.6.11-11-autoreconf.patch.bz2
 
 %description
 GIMP (GNU Image Manipulation Program) is a powerful image composition and
@@ -238,8 +242,9 @@ EOF
 %patch7 -p1 -b .poppler-0.17
 %patch8 -p1 -b .psp-overflow
 %patch9 -p1 -b .CVE-2010-4540,4541,4542
+%patch10 -p1 -b .shell-dnd-quit-crash
 
-%patch10 -p1 -b .autoreconf
+%patch100 -p1 -b .autoreconf
 
 %build
 # Use PIC/PIE because gimp is likely to deal with files coming from untrusted
@@ -505,6 +510,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %{_libdir}/gimp/%{interfacever}/plug-ins/help-browser
 
 %changelog
+* Fri Jun 10 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-16
+- guard against crash due to quitting while DND is processed (#711952)
+
 * Tue Jun 07 2011 Nils Philippsen <nils@redhat.com> - 2:2.6.11-15
 - drop support for building with non-modular X
 - ensure file-xpm plugin is built (#710207)