Fix a possible segfault and critical warnings

Resolves: RHEL-4130 Resolves: RHEL-22853
2025-05-12 15:37:50 -04:00 · 2025-05-12 15:37:50 -04:00 · 9a4bf658bb
commit 9a4bf658bb
parent b6ab28b63c
3 changed files with 57 additions and 1 deletions
--- a/0001-dnd-Prevent-a-possible-segfault.patch
+++ b/0001-dnd-Prevent-a-possible-segfault.patch
@ -0,0 +1,37 @@
+From 889057a38627acb711ae56852d779925e770d8a0 Mon Sep 17 00:00:00 2001
+From: Matthias Clasen <mclasen@redhat.com>
+Date: Wed, 28 Feb 2024 13:10:27 -0500
+Subject: [PATCH] dnd: Prevent a possible segfault
+
+It is at least theoretically possible that gtk_entry_get_pixel_ranges
+will return no ranges, and we should handle that without an
+out-of-bounds access or segfault.
+---
+ gtk/gtkentry.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gtk/gtkentry.c b/gtk/gtkentry.c
+index 4078855c93..a71578218c 100644
+--- a/gtk/gtkentry.c
+++ b/gtk/gtkentry.c
+@@ -4724,7 +4724,7 @@ gtk_entry_drag_gesture_update (GtkGestureDrag *gesture,
+           button = gtk_gesture_single_get_current_button (GTK_GESTURE_SINGLE (gesture));
+           gtk_drag_begin_with_coordinates (widget, target_list, actions,
+                                            button, (GdkEvent*) event,
+-                                           priv->drag_start_x + ranges[0],
+                                           priv->drag_start_x + (n_ranges > 0 ? ranges[0] : 0),
+                                            priv->drag_start_y);
+           g_free (ranges);
+ 
+@@ -9931,7 +9931,7 @@ gtk_entry_drag_begin (GtkWidget      *widget,
+       gtk_entry_get_pixel_ranges (entry, &ranges, &n_ranges);
+       cairo_surface_get_device_scale (surface, &sx, &sy);
+       cairo_surface_set_device_offset (surface,
+-                                       -(priv->drag_start_x - ranges[0]) * sx,
+                                       -(priv->drag_start_x - (n_ranges > 0 ? ranges[0] : 0)) * sx,
+                                        -(priv->drag_start_y) * sy);
+       g_free (ranges);
+ 
+-- 
+2.49.0
+
--- a/gtk3.spec
+++ b/gtk3.spec
@ -19,7 +19,7 @@

 Name: gtk3
 Version: 3.24.31
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: GTK+ graphical user interface library

 License: LGPLv2+
@ -39,6 +39,10 @@ Patch3:  gtk3-3.24.31-treeview-a11y-leak-fix.patch
 Patch4:  0001-theme-Reduce-the-height-of-titlebars.patch
 # https://issues.redhat.com/browse/RHEL-46993
 Patch5: 0001-Stop-looking-for-modules-in-cwd.patch
+# https://issues.redhat.com/browse/RHEL-22853
+Patch6: 0001-dnd-Prevent-a-possible-segfault.patch
+# https://issues.redhat.com/browse/RHEL-4130
+Patch7: remove-size-allocation-critical.patch

 BuildRequires: pkgconfig(atk) >= %{atk_version}
 BuildRequires: pkgconfig(atk-bridge-2.0)
@ -306,6 +310,10 @@ gtk-query-immodules-3.0-%{__isa_bits} --update-cache &>/dev/null || :
 %{_datadir}/installed-tests/

 %changelog
+* Mon May 12 2025 Matthias Clasen <mclasen@redhat.com> - 3.24.31-6
+- Resolves: RHEL-4130
+- Resolves: RHEL-22853
+
 * Wed Jul 10 2024 Matthias Clasen <mclasen@redhat.com> - 3.24.31-5
 - Stop looking for modules in cwd (CVE-2024-6655)
 - Resolves: RHEL-46993
--- a/remove-size-allocation-critical.patch
+++ b/remove-size-allocation-critical.patch
@ -0,0 +1,11 @@
+diff --git a/gtk/gtkboxgadget.c b/gtk/gtkboxgadget.c
+index 3cc94da1de..dba84485d8 100644
+--- a/gtk/gtkboxgadget.c
+++ b/gtk/gtkboxgadget.c
+@@ -170,7 +170,6 @@ gtk_box_gadget_distribute (GtkBoxGadget     *gadget,
+ 
+   if G_UNLIKELY (size < 0)
+     {
+-      g_critical ("%s: assertion 'size >= 0' failed in %s", G_STRFUNC, G_OBJECT_TYPE_NAME (gtk_css_gadget_get_owner (GTK_CSS_GADGET (gadget))));
+       return;
+     }