#1 (for master) Cherry-pick fix for clipboard related crash from v5.15.0
Merged 4 years ago by jgrulich. Opened 4 years ago by ivanmironov.
https://github.com/im-0/fedora-rpm.qt5-qtwayland fix-clipboard-crash.master  into  master

Cherry-pick fix for clipboard related crash from v5.15.0
Ivan Mironov • 4 years ago  
qt5-qtwayland.spec
file modified
+9 -1
@@ -3,7 +3,7 @@

  Summary: Qt5 - Wayland platform support and QtCompositor module

  Name:    qt5-%{qt_module}

  Version: 5.14.2

- Release: 2%{?dist}

+ Release: 3%{?dist}

  

  License: LGPLv3

  Url:     http://www.qt.io
@@ -16,6 +16,11 @@

  # https://bugzilla.redhat.com/show_bug.cgi?id=1823984

  Patch0:  qtwayland-dont-force-gamma-correction-off.patch

  

+ # Transferring large amounts of data via clipboard may lead to

+ # stack overflow and segmentation fault because of recursion in

+ # QtWaylandClient::QWaylandMimeData::readData().

+ Patch1:  qtwayland-remove-recursion-in-data-offer-retrieval.patch

+ 

  # Upstreamable patches

  # https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome

  # https://bugzilla.redhat.com/show_bug.cgi?id=1732129
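Review bot: Patch1 is declared here, but the diff adds no matching %patch1 line in %prep (the nine added lines are the Release bump, these five lines and the changelog entry), so the fix only reaches the build if the spec applies patches through %autosetup or %autopatch. Please confirm that, or add the explicit %patch line. The comment would also be easier to audit later if it named the upstream commit carried in the patch file (80bf946e78b5b5b4276668249eb1fab769259426), the way Patch0 links its Bugzilla entry.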
@@ -126,6 +131,9 @@

  

  

  %changelog

+ * Thu Apr 30 2020 Ivan Mironov <mironov.ivan@gmail.com> - 5.14.2-3

+ - Cherry-pick fix for clipboard related crash from v5.15.0

+ 

  * Tue Apr 21 2020 Jan Grulich <jgrulich@redhat.com> - 5.14.2-2

  - Fix bold font rendering

    Resolves: bz#1823984

qtwayland-remove-recursion-in-data-offer-retrieval.patch
file added
+64
@@ -0,0 +1,64 @@

+ From 80bf946e78b5b5b4276668249eb1fab769259426 Mon Sep 17 00:00:00 2001

+ From: David Edmundson <davidedmundson@kde.org>

+ Date: Tue, 23 Jul 2019 08:44:46 +0200

+ Subject: [PATCH] Client: Remove recursion in data offer retrieval

+ 

+ A loop functions just as well is more readable and uses less stack

+ memory.

+ 

+ Change-Id: I6f6c6b7b8047c42080fb8b9e0bc3eae96f8872ab

+ Reviewed-by: David Faure <david.faure@kdab.com>

+ Reviewed-by: Johan Helsing <johan.helsing@qt.io>

+ ---

+  src/client/qwaylanddataoffer.cpp | 37 +++++++++++++++++---------------

+  1 file changed, 20 insertions(+), 17 deletions(-)

+ 

+ diff --git a/src/client/qwaylanddataoffer.cpp b/src/client/qwaylanddataoffer.cpp

+ index 4c06277f..2297e8a1 100644

+ --- a/src/client/qwaylanddataoffer.cpp

+ +++ b/src/client/qwaylanddataoffer.cpp

+ @@ -170,24 +170,27 @@ int QWaylandMimeData::readData(int fd, QByteArray &data) const

+      timeout.tv_sec = 1;

+      timeout.tv_usec = 0;

+  

+ -    int ready = select(FD_SETSIZE, &readset, nullptr, nullptr, &timeout);

+ -    if (ready < 0) {

+ -        qWarning() << "QWaylandDataOffer: select() failed";

+ -        return -1;

+ -    } else if (ready == 0) {

+ -        qWarning("QWaylandDataOffer: timeout reading from pipe");

+ -        return -1;

+ -    } else {

+ -        char buf[4096];

+ -        int n = QT_READ(fd, buf, sizeof buf);

+ -

+ -        if (n > 0) {

+ -            data.append(buf, n);

+ -            n = readData(fd, data);

+ -        } else if (n < 0) {

+ -            qWarning("QWaylandDataOffer: read() failed");

+ +    Q_FOREVER {

+ +        int ready = select(FD_SETSIZE, &readset, nullptr, nullptr, &timeout);

+ +        if (ready < 0) {

+ +            qWarning() << "QWaylandDataOffer: select() failed";

+ +            return -1;

+ +        } else if (ready == 0) {

+ +            qWarning("QWaylandDataOffer: timeout reading from pipe");

+ +            return -1;

+ +        } else {

+ +            char buf[4096];

+ +            int n = QT_READ(fd, buf, sizeof buf);

+ +

+ +            if (n < 0) {

+ +                qWarning("QWaylandDataOffer: read() failed");

+ +                return -1;

+ +            } else if (n == 0) {

+ +                return 0;

+ +            } else if (n > 0) {

+ +                data.append(buf, n);

+ +            }

+          }

+ -        return n;

+      }

+  }

+  
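Review bot: The new Q_FOREVER loop reuses one timeout struct for every select() call, because timeout.tv_sec = 1 and timeout.tv_usec = 0 are set once in the context lines above the loop. On Linux, select() writes the unslept time back into that struct, so the one second becomes a shared budget for all waits in a transfer, whereas each recursive call used to run the setup again and get a fresh second per read. If a per-read timeout is intended, re-initialise timeout (and the fd set) at the top of each iteration. Separately, data.append(buf, n) still grows with no upper bound on what the clipboard source sends, and the trailing else if (n > 0) can be a plain else since n < 0 and n == 0 are already handled.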

no initial comment

Crash can be reproduced easily with telegram-desktop from RPM Fusion
and wl-clipboard:

  1. Run `dd if=/dev/zero bs=1024 count=10240 | wl-copy -f -o -t image/bmp`.
  2. Try to paste into any Telegram chat.

Resulting backtrace contains a lot of lines like the following:

    ...
    #1897 0x00007fffe1da600c in QtWaylandClient::QWaylandMimeData::readData (this=0x53f3aa0, fd=31, data=...) at qwaylanddataoffer.cpp:186
    #1898 0x00007fffe1da600c in QtWaylandClient::QWaylandMimeData::readData (this=0x53f3aa0, fd=31, data=...) at qwaylanddataoffer.cpp:186
    #1899 0x00007fffe1da600c in QtWaylandClient::QWaylandMimeData::readData (this=0x53f3aa0, fd=31, data=...) at qwaylanddataoffer.cpp:186
    ...

Note that this is not 100% reproducible when copying large images from
other applications (like Firefox). This is because other applications
are sometimes not fast enough for the one-second timeout hardcoded in
QtWayland.

Pull-Request has been merged by jgrulich

4 years ago