
Bug#1032260: marked as done (unblock: mutter/43.3-4)



Your message dated Fri, 03 Mar 2023 09:16:55 +0000
with message-id <E1pY1X5-00FdqP-Ov@respighi.debian.org>
and subject line unblock mutter
has caused the Debian Bug report #1032260,
regarding unblock: mutter/43.3-4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1032260: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032260
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: mutter@packages.debian.org
Control: affects -1 + src:mutter

Please unblock package mutter

[ Reason ]
Fix a crash when plugging in a Lenovo Thunderbolt dock (#1031847)

[ Impact ]
Desktop environment crash when connecting certain Thunderbolt docks
(maybe also monitors) that have an invalid ICC profile in their EDID data

[ Tests ]
Bug reporter confirmed that an earlier test-build of the patched package
resolves their crash.

The uploaded version is functionally very similar, but logs an error
message instead of crashing in a related "can't happen" situation,
as requested in the upstream merge request. I've installed it on my
laptop and it works normally, but I don't have the necessary hardware
to reproduce the crash.

[ Risks ]
This is a highly visible component of our default desktop environment,
but the change is straightforward. If it introduces a bug, the bug should
be minor (a memory leak, once per device connected).

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

unblock mutter/43.3-4
diffstat for mutter-43.3 mutter-43.3

 debian/changelog                                                               |   10 ++
 debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch |   47 ++++++++++
 debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch           |   44 +++++++++
 debian/patches/series                                                          |    2 
 src/backends/meta-color-device.c                                               |   17 ++-
 5 files changed, 114 insertions(+), 6 deletions(-)

diff -Nru mutter-43.3/debian/changelog mutter-43.3/debian/changelog
--- mutter-43.3/debian/changelog	2023-02-18 18:44:12.000000000 +0000
+++ mutter-43.3/debian/changelog	2023-03-02 08:50:50.000000000 +0000
@@ -1,3 +1,13 @@
+mutter (43.3-4) unstable; urgency=medium
+
+  * Team upload
+  * d/p/color-device-Make-sure-lcms_context-is-not-NULL.patch,
+    d/p/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch:
+    Fix a double-free when loading the ICC profile from a device's EDID
+    fails (Closes: #1031847)
+
+ -- Simon McVittie <smcv@debian.org>  Thu, 02 Mar 2023 08:50:50 +0000
+
 mutter (43.3-3) unstable; urgency=medium
 
   * Team upload
diff -Nru mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch
--- mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutter-43.3/debian/patches/color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch	2023-03-02 08:50:50.000000000 +0000
@@ -0,0 +1,47 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Wed, 1 Mar 2023 10:12:12 +0000
+Subject: color-device: Don't close lcms profile on error from
+ cd_icc_load_handle
+
+As implemented in colord 1.4.6, cd_icc_load_handle() has three possible
+results:
+
+1. success, taking ownership of the profile;
+2. failure because cmsGetProfileContextID returns NULL, *not* taking
+   ownership of the profile;
+3. failure in cd_icc_load(), taking ownership of the profile.
+
+The previous commit ensures that we are not in case 2.
+
+In case 3 where cd_icc_load() fails, ownership was already given to
+the colord CdIcc object, so it will be freed when the g_autoptr unrefs
+the CdIcc, and we must not free it again: that would be a double-free,
+potentially resulting in memory corruption.
+
+Bug: https://gitlab.gnome.org/GNOME/mutter/-/issues/2659
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031847
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Forwarded: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2877
+---
+ src/backends/meta-color-device.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/backends/meta-color-device.c b/src/backends/meta-color-device.c
+index ea3b9de..bb87f48 100644
+--- a/src/backends/meta-color-device.c
++++ b/src/backends/meta-color-device.c
+@@ -890,12 +890,9 @@ create_icc_profile_from_edid (MetaColorDevice     *color_device,
+   cmsSetHeaderRenderingIntent (lcms_profile, INTENT_PERCEPTUAL);
+   cmsSetDeviceClass (lcms_profile, cmsSigDisplayClass);
+ 
+-  if (!cd_icc_load_handle (cd_icc, lcms_profile,
++  if (!cd_icc_load_handle (cd_icc, g_steal_pointer (&lcms_profile),
+                            CD_ICC_LOAD_FLAGS_PRIMARIES, error))
+-    {
+-      cmsCloseProfile (lcms_profile);
+-      return NULL;
+-    }
++    return NULL;
+ 
+   cd_icc_add_metadata (cd_icc, CD_PROFILE_PROPERTY_FILENAME, file_path);
+   cd_icc_add_metadata (cd_icc,
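Review bot: the ownership rule this fix depends on is recorded only in the commit message, and only "as implemented in colord 1.4.6"; at the changed call, `cd_icc_load_handle (cd_icc, g_steal_pointer (&lcms_profile),` carries no comment saying that colord takes the profile both on success and on cd_icc_load() failure. A short comment above the call stating that, and that the NULL-context case is excluded by the earlier lcms_context check, would keep a later reader from re-adding cmsCloseProfile() on the error path and would mark the spot to recheck if colord's behaviour changes.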
diff -Nru mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch
--- mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch	1970-01-01 01:00:00.000000000 +0100
+++ mutter-43.3/debian/patches/color-device-Make-sure-lcms_context-is-not-NULL.patch	2023-03-02 08:50:50.000000000 +0000
@@ -0,0 +1,44 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Wed, 1 Mar 2023 10:12:03 +0000
+Subject: color-device: Make sure lcms_context is not NULL
+
+lcms interprets a NULL context as using a default, non-thread-safe
+context, which is unsuitable for mutter's use. Make sure we're always
+using a non-trivial context.
+
+Bug: https://gitlab.gnome.org/GNOME/mutter/-/issues/2659
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031847
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Forwarded: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2877
+---
+ src/backends/meta-color-device.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/backends/meta-color-device.c b/src/backends/meta-color-device.c
+index c0a98a4..ea3b9de 100644
+--- a/src/backends/meta-color-device.c
++++ b/src/backends/meta-color-device.c
+@@ -846,6 +846,15 @@ create_icc_profile_from_edid (MetaColorDevice     *color_device,
+       return NULL;
+     }
+ 
++  lcms_context = meta_color_manager_get_lcms_context (color_manager);
++
++  if (!lcms_context)
++    {
++      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
++                   "Internal error: no LCMS context available");
++      return NULL;
++    }
++
+   cd_icc = cd_icc_new ();
+ 
+   chroma.Red.x = edid_info->red_x;
+@@ -863,7 +872,6 @@ create_icc_profile_from_edid (MetaColorDevice     *color_device,
+   transfer_curve[1] = transfer_curve[0];
+   transfer_curve[2] = transfer_curve[0];
+ 
+-  lcms_context = meta_color_manager_get_lcms_context (color_manager);
+   lcms_profile = cmsCreateRGBProfileTHR (lcms_context,
+                                          &white_point,
+                                          &chroma,
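Review bot: the new `if (!lcms_context)` branch reports a broken internal invariant as a plain G_IO_ERROR_FAILED and returns NULL, so the string "Internal error: no LCMS context available" is the only trace of it, and only if the caller reports the GError. Worth confirming that the caller of create_icc_profile_from_edid() does log the error. The commit message gives thread safety as the only reason for the check; it could also mention that the following patch relies on it to rule out the case where cd_icc_load_handle() does not take ownership.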
diff -Nru mutter-43.3/debian/patches/series mutter-43.3/debian/patches/series
--- mutter-43.3/debian/patches/series	2023-02-18 18:44:12.000000000 +0000
+++ mutter-43.3/debian/patches/series	2023-03-02 08:50:50.000000000 +0000
@@ -1,4 +1,6 @@
 x11-Avoid-updating-focus-on-wayland-compositor.patch
+color-device-Make-sure-lcms_context-is-not-NULL.patch
+color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch
 wayland-Don-t-overwrite-surface-offsets.patch
 tests-Break-up-stacking-installed-tests-into-more-smaller.patch
 meson-add-back-default_driver-option.patch
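Review bot: the order of the two added lines is load-bearing. The second patch's message says "The previous commit ensures that we are not in case 2", so color-device-Make-sure-lcms_context-is-not-NULL.patch must stay ahead of color-device-Don-t-close-lcms-profile-on-error-from-cd_ic.patch, as it is here. With only the second applied, a NULL-context failure would leave the stolen profile owned by nobody. Noting the dependency in the second patch's header would protect against reordering or a partial backport.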
diff -Nru mutter-43.3/src/backends/meta-color-device.c mutter-43.3/src/backends/meta-color-device.c
--- mutter-43.3/src/backends/meta-color-device.c	2023-02-13 18:12:26.000000000 +0000
+++ mutter-43.3/src/backends/meta-color-device.c	2023-03-02 11:27:42.000000000 +0000
@@ -846,6 +846,15 @@
       return NULL;
     }
 
+  lcms_context = meta_color_manager_get_lcms_context (color_manager);
+
+  if (!lcms_context)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Internal error: no LCMS context available");
+      return NULL;
+    }
+
   cd_icc = cd_icc_new ();
 
   chroma.Red.x = edid_info->red_x;
@@ -863,7 +872,6 @@
   transfer_curve[1] = transfer_curve[0];
   transfer_curve[2] = transfer_curve[0];
 
-  lcms_context = meta_color_manager_get_lcms_context (color_manager);
   lcms_profile = cmsCreateRGBProfileTHR (lcms_context,
                                          &white_point,
                                          &chroma,
@@ -882,12 +890,9 @@
   cmsSetHeaderRenderingIntent (lcms_profile, INTENT_PERCEPTUAL);
   cmsSetDeviceClass (lcms_profile, cmsSigDisplayClass);
 
-  if (!cd_icc_load_handle (cd_icc, lcms_profile,
+  if (!cd_icc_load_handle (cd_icc, g_steal_pointer (&lcms_profile),
                            CD_ICC_LOAD_FLAGS_PRIMARIES, error))
-    {
-      cmsCloseProfile (lcms_profile);
-      return NULL;
-    }
+    return NULL;
 
   cd_icc_add_metadata (cd_icc, CD_PROFILE_PROPERTY_FILENAME, file_path);
   cd_icc_add_metadata (cd_icc,
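Review bot: after `g_steal_pointer (&lcms_profile)` the local lcms_profile is NULL for the rest of the function, on the success path as well as the failure path. The context lines that follow use only cd_icc and file_path, which is fine, but any code further down that still reads lcms_profile would now receive NULL. Worth checking the remainder of create_icc_profile_from_edid() for such a use and for any cleanup that previously closed the profile.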

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
