aruiz/webp-pixbuf-loader

Segfault in save_webp, error variable NULL

Closed this issue · 6 comments

Possibly introduced via 17b87ec

Here's some info

Thread 1 "xfce4-screensho" received signal SIGSEGV, Segmentation fault.
save_webp (pixbuf=0x5555557c5640, keys=<optimized out>, values=<optimized out>, error=0x0, save_func=0x7ffff7450a60 <save_to_buffer_callback>, f=f@entry=0x0, user_data=0x7fffffffd310) at ../io-webp.c:351

(gdb) where
#0  save_webp (pixbuf=0x5555557c5640, keys=<optimized out>, values=<optimized out>, error=0x0, save_func=0x7ffff7450a60 <save_to_buffer_callback>, f=f@entry=0x0, user_data=0x7fffffffd310) at ../io-webp.c:351
#1  0x00007fffe41b1477 in save_to_callback (save_func=<optimized out>, user_data=<optimized out>, pixbuf=<optimized out>, keys=<optimized out>, values=<optimized out>, error=<optimized out>) at ../io-webp.c:376
#2  0x00007ffff7453f1a in gdk_pixbuf_real_save_to_callback (error=<optimized out>, values=0x0, keys=0x0, type=0x555555593ed0 "webp", user_data=0x7fffffffd310, save_func=0x7ffff7450a60 <save_to_buffer_callback>, pixbuf=0x5555557c5640) at ../gdk-pixbuf/gdk-pixbuf-io.c:2393
#3  gdk_pixbuf_save_to_callbackv (pixbuf=pixbuf@entry=0x5555557c5640, save_func=save_func@entry=0x7ffff7450a60 <save_to_buffer_callback>, user_data=user_data@entry=0x7fffffffd310, type=type@entry=0x555555593ed0 "webp", option_keys=option_keys@entry=0x0, option_values=option_values@entry=0x0, error=0x0) at ../gdk-pixbuf/gdk-pixbuf-io.c:2740
#4  0x00007ffff74544cf in gdk_pixbuf_save_to_bufferv (pixbuf=pixbuf@entry=0x5555557c5640, buffer=buffer@entry=0x7fffffffd4e0, buffer_size=buffer_size@entry=0x7fffffffd4d8, type=type@entry=0x555555593ed0 "webp", option_keys=option_keys@entry=0x0, option_values=option_values@entry=0x0, error=0x0) at ../gdk-pixbuf/gdk-pixbuf-io.c:2894
#5  0x00007ffff745467b in gdk_pixbuf_save_to_buffer (pixbuf=pixbuf@entry=0x5555557c5640, buffer=buffer@entry=0x7fffffffd4e0, buffer_size=buffer_size@entry=0x7fffffffd4d8, type=type@entry=0x555555593ed0 "webp", error=error@entry=0x0) at ../gdk-pixbuf/gdk-pixbuf-io.c:2803
#6  0x00007ffff78a74b4 in gtk_selection_data_set_pixbuf (selection_data=0x7fffffffd8c0, pixbuf=0x5555557c5640) at ../gtk/gtkselection.c:1762
#7  0x00007ffff769dd28 in _gtk_marshal_VOID__BOXED_UINT_UINTv (closure=0x5555558037d0, return_value=<optimized out>, instance=0x5555556c4250, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55555560cb80) at gtk/gtkmarshalers.c:3789
#8  0x00007ffff6ec3614 in _g_closure_invoke_va (param_types=0x55555560cb80, n_params=<optimized out>, args=0x7fffffffd730, instance=0x5555556c4250, return_value=0x0, closure=0x5555558037d0) at ../gobject/gclosure.c:895
#9  g_signal_emit_valist (instance=instance@entry=0x5555556c4250, signal_id=signal_id@entry=82, detail=0, var_args=var_args@entry=0x7fffffffd730) at ../gobject/gsignal.c:3456
#10 0x00007ffff6ec38f8 in g_signal_emit_by_name (instance=instance@entry=0x5555556c4250, detailed_signal=detailed_signal@entry=0x7ffff7aa2fc6 "selection-get") at ../gobject/gsignal.c:3648
#11 0x00007ffff78a8263 in gtk_selection_invoke_handler (widget=widget@entry=0x5555556c4250, data=data@entry=0x7fffffffd8c0, time=18450627) at ../gtk/gtkselection.c:3115
#12 0x00007ffff78a8483 in _gtk_selection_request (widget=0x5555556c4250, event=event@entry=0x5555555f0c90) at ../gtk/gtkselection.c:2502
#13 0x00007ffff769c848 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x55555560c1c0, return_value=0x7fffffffda80, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x55555560c1f0) at gtk/gtkmarshalers.c:130
#14 0x00007ffff6ec3614 in _g_closure_invoke_va (param_types=0x55555560c1f0, n_params=<optimized out>, args=0x7fffffffdb30, instance=0x5555556c4250, return_value=0x7fffffffda80, closure=0x55555560c1c0) at ../gobject/gclosure.c:895
#15 g_signal_emit_valist (instance=0x5555556c4250, signal_id=79, detail=0, var_args=var_args@entry=0x7fffffffdb30) at ../gobject/gsignal.c:3456
#16 0x00007ffff6ec36f3 in g_signal_emit (instance=instance@entry=0x5555556c4250, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3606
#17 0x00007ffff797acf4 in gtk_widget_event_internal.part.0.lto_priv.0 (widget=0x5555556c4250, event=0x5555555f0c90) at ../gtk/gtkwidget.c:7812
#18 0x00007ffff780ce99 in gtk_main_do_event (event=<optimized out>) at ../gtk/gtkmain.c:1861
#19 gtk_main_do_event (event=<optimized out>) at ../gtk/gtkmain.c:1691
#20 0x00007ffff7e8cdf3 in _gdk_event_emit (event=0x5555555f0c90) at ../gdk/gdkevents.c:73
#21 _gdk_event_emit (event=0x5555555f0c90) at ../gdk/gdkevents.c:67
#22 0x00007ffff7edf566 in gdk_event_source_dispatch.lto_priv () at ../gdk/x11/gdkeventsource.c:354
#23 0x00007ffff6da7c7f in g_main_dispatch (context=0x5555555f2270) at ../glib/gmain.c:3454
#24 g_main_context_dispatch (context=0x5555555f2270) at ../glib/gmain.c:4172
#25 0x00007ffff6dfe118 in g_main_context_iterate.constprop.0 (context=0x5555555f2270, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4248
#26 0x00007ffff6da724f in g_main_loop_run (loop=0x555555706fe0) at ../glib/gmain.c:4448
#27 0x00007ffff79adffe in gtk_clipboard_real_store (clipboard=0x55555579ebc0) at ../gtk/gtkclipboard.c:2176
#28 gtk_clipboard_real_store (clipboard=0x55555579ebc0) at ../gtk/gtkclipboard.c:2143
#29 0x00007ffff79a9277 in _gtk_clipboard_store_all () at ../gtk/gtkclipboard.c:2216
#30 0x00007ffff7808f65 in gtk_main () at ../gtk/gtkmain.c:1348
#31 0x000055555556567b in screenshooter_region_dialog_show (sd=<optimized out>, plugin=<optimized out>) at lib/screenshooter-dialogs.c:865
#32 0x0000555555561fd0 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:324


(gdb) list
346	    {
347	      GByteArray *arr = (GByteArray *) picture.custom_ptr;
348	      save_func ((const gchar *) arr->data, arr->len, error, user_data);
349	      g_byte_array_free (arr, TRUE);
350	
351	      if (*error)
352	        {
353	          WebPPictureFree (&picture);
354	          return FALSE;
355	        }


(gdb) p error
$4 = (GError **) 0x0

Hitting this with

$ xfce4-screenshooter --version
xfce4-screenshooter 1.10.3

$ rpm -qa | grep webp-pixbuf
webp-pixbuf-loader-0.2.0-1.fc37.x86_64

To repro, run xfce4-screenshooter, select a region of the screen and try to copy to clipboard. Saving to a file instead of saving to clipboard works though.
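The crash pattern in the listing above, reworked as an added example (not code from webp-pixbuf-loader, and not necessarily what the upstream fix does): the callback gets a local error slot, so nothing dereferences a caller-supplied NULL `error`. `Err`, `save_chunk`, `cb_ok` and `cb_fail` are hypothetical stand-ins so the block builds without GLib.

```c
#include <stdio.h>
#include <stddef.h>

/* Minimal stand-in for GLib's GError (assumption: lets this build without GLib). */
typedef struct { int code; const char *message; } Err;

/* Stand-in for a GdkPixbufSaveFunc-style callback: returns 1 on success,
 * 0 on failure, and fills *error only when a destination was supplied. */
typedef int (*save_cb)(const char *buf, size_t len, Err **error, void *user_data);

static int cb_ok(const char *buf, size_t len, Err **error, void *ud) {
    (void)buf; (void)error;
    *(size_t *)ud += len;              /* count the bytes "written" */
    return 1;
}

static int cb_fail(const char *buf, size_t len, Err **error, void *ud) {
    (void)buf; (void)len; (void)ud;
    if (error != NULL) {               /* like g_set_error(): skip a NULL slot */
        static Err e = { 1, "write failed (constructed)" };
        *error = &e;
    }
    return 0;
}

/* Hardened form of the step at io-webp.c:348-351. The original tested
 * `*error` directly, which faults when the caller passed error == NULL. */
int save_chunk(const char *buf, size_t len, save_cb save_func,
               void *user_data, Err **error) {
    Err *local = NULL;
    if (!save_func(buf, len, &local, user_data) || local != NULL) {
        if (error != NULL)
            *error = local;            /* caller asked for the details */
        /* With real GLib, g_propagate_error() does this and frees the
         * error itself when the destination is NULL. */
        return 0;
    }
    return 1;
}

int main(void) {
    size_t written = 0;
    Err *err = NULL;
    printf("ok, error=NULL:   %d\n", save_chunk("RIFF", 4, cb_ok, &written, NULL));
    printf("fail, error=NULL: %d\n", save_chunk("RIFF", 4, cb_fail, &written, NULL));
    printf("fail, error set:  %d (%s)\n",
           save_chunk("RIFF", 4, cb_fail, &written, &err),
           err ? err->message : "none");
    return 0;
}
```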

aruiz commented

Ugh, I know why this is happening. I will fix it soon.

okias commented

@aruiz nice! If it likely affects Debian, please bump to 0.2.1, I'll bump the package on Debian side :)

edit: for me the xfce4-screenshooter crashes on libX11, probably because I'm using gnome-shell instead of the xfce env.

aruiz commented

I think I just landed a fix in HEAD, I am trying to verify if it fixes the issue.

@krakopo If you can give f708996 a go in the meantime that'd help.

aruiz commented

Okay, I wasn't sure how to reproduce with the xfce screenshot tool, but I did reproduce the error with a test. I have committed a test to prevent a regression.

@krakopo can you do a custom build and try to reproduce? You can just replace the .so file manually after you build it using meson.

@aruiz I tested it and it works with that change. Thanks!

aruiz commented

Okay, I will tag a release.

Thanks for the bug report, nice catch.