From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id 0AC0Of3EMWTiZAEASxT56A (envelope-from ) for ; Sat, 08 Apr 2023 21:48:14 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id eEaPOf3EMWS3vQAAauVa8A (envelope-from ) for ; Sat, 08 Apr 2023 21:48:13 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 933C22F65D for ; Sat, 8 Apr 2023 21:48:13 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1plEXc-0007Kn-4g; Sat, 08 Apr 2023 15:48:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1plEXa-0007KK-PB for guix-patches@gnu.org; Sat, 08 Apr 2023 15:48:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1plEXa-0004Fv-6F for guix-patches@gnu.org; Sat, 08 Apr 2023 15:48:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1plEXa-0002WA-1t for guix-patches@gnu.org; Sat, 08 Apr 2023 15:48:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#62467] [PATCH gnome-team v2 09/12] gnu: gtk+-2: Fix build by hardening list store. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 08 Apr 2023 19:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 62467 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Liliana Marie Prikler Cc: rg@raghavgururajan.name, 62467@debbugs.gnu.org Received: via spool by 62467-submit@debbugs.gnu.org id=B62467.16809832369474 (code B ref 62467); Sat, 08 Apr 2023 19:48:02 +0000 Received: (at 62467) by debbugs.gnu.org; 8 Apr 2023 19:47:16 +0000 Received: from localhost ([127.0.0.1]:59626 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1plEWp-0002Sj-RL for submit@debbugs.gnu.org; Sat, 08 Apr 2023 15:47:16 -0400 Received: from mail-qv1-f41.google.com ([209.85.219.41]:34401) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1plEWo-0002SV-7I for 62467@debbugs.gnu.org; Sat, 08 Apr 2023 15:47:14 -0400 Received: by mail-qv1-f41.google.com with SMTP id ks2so2312076qvb.1 for <62467@debbugs.gnu.org>; Sat, 08 Apr 2023 12:47:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680983229; x=1683575229; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=OxaxbZTb7OCGUoNX220CjQg03sncc5JpourzVAcYsCQ=; b=oI7IDoJjA/E5I1W0MwljeaHLLkRtcW9IykmuIYepSjj3qA9Vu/ibDE31wnGpzmt9SF QBSUs6ERMhOdpfpYqwV4Y1dRhh9fQ0vlVKyaWolMj/u4o5JLMmRqXkbq67W31KYQFK6b hLosV9Rr7Ow+Yx/ff9Dg20HSA0dkFJqSXZeAY6fWC9kPsYwBHdI27A+psM5iqTdcci0h 6NZLH1OYSZz58zJ/uB4jxzrwvYo4/fHYMClsRMFyEdhcVdQF9XXhzdxiQrmV0JR2HeID 0kmNSc6swoRoGIzZZA+myMBfjMAvkKHo6Ik7Jrh04u6Lmv3C399RuCROqdexoU1F8EF9 qh8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680983229; x=1683575229; h=mime-version:user-agent:message-id:in-reply-to:date:references :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=OxaxbZTb7OCGUoNX220CjQg03sncc5JpourzVAcYsCQ=; b=3AFpaOZP8HiXkjGUABprv+7V7H/QoNPhdd3WLPqdE1WtATONeFBo5/nd5RzqkfjJ7N O11vwKP9rs02H6FLnfDBPIF8sHN1nOUBkoa2l6fhbGiGSqqRhNU5oiqAxGhJWaSIPtNV ksRDsZ4dzRcfmkdfEbxfCP9YOq6p0CHTZ6mWc0aZha919Wg4qyWk7mb7tin/xiSibWjW RXzBM2tlsKjzhXaiVXyjuFk5tWXtZfiRe80uHHwgFm4R5DB/rZEngNyBz/E3pG47z9EM HgCd7mA9bRtoE0F5e1F8jfls2DfQx9o3eAv4P9CQCo1lyTfrjq98nzJLrAWxK5DFeS+8 1zqw== X-Gm-Message-State: AAQBX9dr01qsRM7759+3JV/tYNV3ZNj2Iyjs7UehLIbMoNv9fGnBTpFu jBhpIwEX5frKlS7TpCAAkOM= X-Google-Smtp-Source: AKy350bMdz7pD69gLlF+uzPgBF5HjB5Af+p2zTIAhw9TVTeXUsFC6wsXIB/5+I6hD7DLWUzoQzfJtw== X-Received: by 2002:a05:6214:2401:b0:5a6:24f6:724d with SMTP id fv1-20020a056214240100b005a624f6724dmr10950178qvb.13.1680983228823; Sat, 08 Apr 2023 12:47:08 -0700 (PDT) Received: from hurd (dsl-205-233-125-210.b2b2c.ca. [205.233.125.210]) by smtp.gmail.com with ESMTPSA id r10-20020a0cf80a000000b005eac706d223sm3798qvn.124.2023.04.08.12.47.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 08 Apr 2023 12:47:08 -0700 (PDT) From: Maxim Cournoyer References: <09b3598cb0fb0acd211dd59fc10686188b941d8e.camel@gmail.com> Date: Sat, 08 Apr 2023 15:47:07 -0400 In-Reply-To: <09b3598cb0fb0acd211dd59fc10686188b941d8e.camel@gmail.com> (Liliana Marie Prikler's message of "Thu, 30 Mar 2023 20:41:59 +0200") Message-ID: <87fs9aqhqc.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1680983293; a=rsa-sha256; cv=none; b=qcnJneY9YJgBDGKuwRiBXOCYHUYwPQaR7ZMuEBh8/gbKfwQwHT7KO5MmN8g8Jcix0wFUHu Sl/9kLOImCZ0/0eyxMrf7p9/ow7j2UPbmx9UiPigu8uwg2/nJwa27mz2RZiH5+rJJlU5kf MwEwehsgoaXGpNjlQtE0GxQmRszw4DnTEETTFqQDWOxHTUu6bYSQl6A6vQyPiqVee0Ui3O zBFwwUubew0VXjLfrTXb/LbfoLWVX1Qd4yofNCtOyaqKjX5vDk2F7OYA1gCEAgxfQ7LFs+ +eHzIPpMsddaE0noLjjMBIlu9PUoeU8Upyu0fPqbogbLHEb7YRLTU07PUoqkrA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=oI7IDoJj; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1680983293; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=OxaxbZTb7OCGUoNX220CjQg03sncc5JpourzVAcYsCQ=; b=rb+WnVxY2tRPPoK3c2Rsmmu8gRB+roO0H3hHBNH77SLUenc5awIz+WCzT9WNnjRXgPtnk8 lzxBwHvg1jjLyB/ehvZajKEcznU3p/melIZxQdAJZ4vRXWbLzwV5RqrG62ZoY6WNWXTrsG u/2mWmhDyLrqE6fVBTQMVaF76MeKpH/tZHIpWmzfyfFtxteb3b5IraxhRHWMLmIomlIDqe KB5quzzVLk6buqd687SDEyl5avuihTH6BqR5ke/uBqXbClICXniCMqi+ibof0AP9vWWfVG Xe0T4j4ky72oAKitkfaNitR6Alhs8ApCZk9pjTm1FKKQvTBFmT40jL37qRFJ+w== Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=oI7IDoJj; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Scanner: scn0.migadu.com X-Migadu-Spam-Score: -1.12 X-Spam-Score: -1.12 X-Migadu-Queue-Id: 933C22F65D X-TUID: /jgrgptO5LJw Hi, Liliana Marie Prikler writes: > * gnu/packages/patches/gtk2-harden-list-store.patch: New file. > * gnu/packages/gtk.scm (gtk+-2)[patches]: Add it here. > * gnu/local.mk (dist_patch_DATA): Register it here. > --- > gnu/local.mk | 1 + > gnu/packages/gtk.scm | 1 + > .../patches/gtk2-harden-list-store.patch | 42 +++++++++++++++++++ > 3 files changed, 44 insertions(+) > create mode 100644 gnu/packages/patches/gtk2-harden-list-store.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index 3e94281ccf..31456c5be8 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -1303,6 +1303,7 @@ dist_patch_DATA = \ > %D%/packages/patches/guile-rsvg-pkgconfig.patch \ > %D%/packages/patches/guile-emacs-fix-configure.patch \ > %D%/packages/patches/gtk2-fix-builder-test.patch \ > + %D%/packages/patches/gtk2-harden-list-store.patch \ > %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \ > %D%/packages/patches/gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch \ > %D%/packages/patches/gtk2-theme-paths.patch \ > diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm > index c756f39e24..196d767160 100644 > --- a/gnu/packages/gtk.scm > +++ b/gnu/packages/gtk.scm > @@ -1014,6 +1014,7 @@ (define-public gtk+-2 > "1nn6kks1zyvb5xikr9y2k7r9bwjy1g4b0m0s66532bclymbwfamc")) > (patches (search-patches "gtk2-respect-GUIX_GTK2_PATH.patch" > "gtk2-respect-GUIX_GTK2_IM_MODULE_FILE.patch" > + "gtk2-harden-list-store.patch" > "gtk2-theme-paths.patch" > "gtk2-fix-builder-test.patch")))) > (build-system gnu-build-system) > diff --git a/gnu/packages/patches/gtk2-harden-list-store.patch b/gnu/packages/patches/gtk2-harden-list-store.patch > new file mode 100644 > index 0000000000..b107ba2bcc > --- /dev/null > +++ b/gnu/packages/patches/gtk2-harden-list-store.patch > @@ -0,0 +1,42 @@ > +Mimic the implemenetation in gtk+-3. Typo: implementation. I'd like to see a bit more metadata in this patch; is it original work, or was it retrieved from another distribution such as Debian? It probably exists elsewhere, if GTK2 can't be built anymore otherwise? Does upstream still maintain GTK2, or is it completely abandoned? > + > +Index: gtk+-2.24.33/gtk/gtkliststore.c > +=================================================================== > +--- gtk+-2.24.33.orig/gtk/gtkliststore.c > ++++ gtk+-2.24.33/gtk/gtkliststore.c > +@@ -1195,16 +1195,31 @@ gboolean > + gtk_list_store_iter_is_valid (GtkListStore *list_store, > + GtkTreeIter *iter) > + { > ++ GSequenceIter *seq_iter; > ++ > + g_return_val_if_fail (GTK_IS_LIST_STORE (list_store), FALSE); > + g_return_val_if_fail (iter != NULL, FALSE); > + > +- if (!VALID_ITER (iter, list_store)) > +- return FALSE; > ++ /* can't use VALID_ITER() here, because iter might point > ++ * to random memory. > ++ * > ++ * We MUST NOT dereference it. > ++ */ > + > +- if (g_sequence_iter_get_sequence (iter->user_data) != list_store->seq) > ++ if (iter == NULL || > ++ iter->user_data == NULL || > ++ list_store->stamp != iter->stamp) > + return FALSE; > + > +- return TRUE; > ++ for (seq_iter = g_sequence_get_begin_iter (list_store->seq); > ++ !g_sequence_iter_is_end (seq_iter); > ++ seq_iter = g_sequence_iter_next (seq_iter)) > ++ { > ++ if (seq_iter == iter->user_data) > ++ return TRUE; > ++ } > ++ > ++ return FALSE; > + } > + > + static gboolean real_gtk_list_store_row_draggable (GtkTreeDragSource *drag_source, I don't know my way much in this code base, but the above looks reasonable to me, especially if it was mostly copy-pasted from GTK 3. -- Thanks, Maxim