X2Go Bug report logs - #1333
Invalid parent widget cast in InteractionDialog

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Timo Teras <timo.teras@iki.fi>

Date: Mon, 8 Oct 2018 11:15:02 UTC

Severity: normal

Found in version 4.1.2.1

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1333: Invalid parent widget cast in InteractionDialog
Reply-To: Timo Teras <timo.teras@iki.fi>, 1333@bugs.x2go.org
Resent-From: Timo Teras <timo.teras@iki.fi>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Mon, 08 Oct 2018 11:15:02 +0000
Resent-Message-ID: <handler.1333.B.153899724226420@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 1333
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.153899724226420
          (code B); Mon, 08 Oct 2018 11:15:02 +0000
Received: (at submit) by bugs.x2go.org; 8 Oct 2018 11:14:02 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.1
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 045F75DAE6
	for <submit@bugs.x2go.org>; Mon,  8 Oct 2018 13:13:50 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id UyooI9SsWcx3 for <submit@bugs.x2go.org>;
	Mon,  8 Oct 2018 13:13:44 +0200 (CEST)
Received: from mail-lj1-f180.google.com (mail-lj1-f180.google.com [209.85.208.180])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id BDF7E5DA7A
	for <submit@bugs.x2go.org>; Mon,  8 Oct 2018 13:13:43 +0200 (CEST)
Received: by mail-lj1-f180.google.com with SMTP id y71-v6so17464094lje.9
        for <submit@bugs.x2go.org>; Mon, 08 Oct 2018 04:13:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:subject:message-id:mime-version
         :content-transfer-encoding;
        bh=i70ST6yUmG9ByChTKp7+ES7bi0AL3Nq73xSyaRKuiXw=;
        b=CRKVtfHHazIOusBZLipEhHKdvexQy2tRyhhkRpRUITEFu+6p0vGdrNIjjw/GTjhCq/
         aMmHTI41ZA+wEc0uonUscgJ4mNzsPGNvYmSCasmC1XMFKScs30cRUKOEHhml3L8WyoQG
         j6cX58UoOsKNZyPj6OWAt/1bo1b47E+rc2ZdFBwa67Hoy0nmVBH7XByNV7KcIlH4MjgJ
         xAPNcC0O+IvJfY3ssYS9hCwHuhG4RARqOZ9R3FOVF4ZguAcXaoOcI0jgKrZLtE6sAu6J
         9/H4H8kxqZl0sKpBS5RkHK5jyeVCvZ/EOQ65DRFem7MnwBQXGNLBmxYV5SXP1PH+aLbq
         HhaA==
X-Gm-Message-State: ABuFfoh8nxRE8KejTXw0rsZNOEZkTlu75OGZkHEMHkx8dI3HAoPilR8V
	GDkxI+2kHOSk6MQNH8ywgWSuD0NZ
X-Google-Smtp-Source: ACcGV627aWMDQ/zpglH4nrv8vYjSckgbyGh39+gzAskhgSPnqXFJbVDSejyOJQMhrnB7gpyja3G9wg==
X-Received: by 2002:a2e:9bd0:: with SMTP id w16-v6mr14618396ljj.55.1538997222764;
        Mon, 08 Oct 2018 04:13:42 -0700 (PDT)
Received: from vostro ([83.145.235.201])
        by smtp.gmail.com with ESMTPSA id m88-v6sm4057948lje.14.2018.10.08.04.13.41
        for <submit@bugs.x2go.org>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Mon, 08 Oct 2018 04:13:42 -0700 (PDT)
Date: Mon, 8 Oct 2018 14:13:39 +0300
From: Timo Teras <timo.teras@iki.fi>
To: submit@bugs.x2go.org
Message-ID: <20181008141339.319910e6@vostro>
X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-alpine-linux-musl)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Package: x2goclient
Version: 4.1.2.1

Running x2goclient in valgrind results in the following invalid reads:

==24194== Invalid read of size 1
==24194==    at 0x1AD4BD: InteractionDialog::InteractionDialog(QWidget*) (InteractionDialog.cpp:40)
==24194==    by 0x16F9FB: ONMainWindow::ONMainWindow(QWidget*) (onmainwindow.cpp:462)
==24194==    by 0x1BF5F3: x2goMain (ongetpass.cpp:110)
==24194==    by 0x1D689C: fork_helper(int, char**) (x2goclient.cpp:89)
==24194==    by 0x130F66: main (x2goclient.cpp:123)
==24194==  Address 0x4a2ccd2 is 14 bytes before a block of size 488 alloc'd
==24194==    at 0x489DD28: operator new(unsigned long) (vg_replace_malloc.c:334)
==24194==    by 0x5F79687: QFrame::QFrame(QWidget*, QFlags<Qt::WindowType>) (in /usr/lib/libQt5Widgets.so.5.10.1)
==24194==    by 0x1ACDED: SVGFrame::SVGFrame(QString, bool, QWidget*, QFlags<Qt::WindowType>) (SVGFrame.cpp:29)
==24194==    by 0x16F44A: ONMainWindow::ONMainWindow(QWidget*) (onmainwindow.cpp:361)
==24194==    by 0x1BF5F3: x2goMain (ongetpass.cpp:110)
==24194==    by 0x1D689C: fork_helper(int, char**) (x2goclient.cpp:89)
==24194==    by 0x130F66: main (x2goclient.cpp:123)
==24194== 
==24194== Invalid read of size 1
==24194==    at 0x1AD6DE: InteractionDialog::InteractionDialog(QWidget*) (InteractionDialog.cpp:62)
==24194==    by 0x16F9FB: ONMainWindow::ONMainWindow(QWidget*) (onmainwindow.cpp:462)
==24194==    by 0x1BF5F3: x2goMain (ongetpass.cpp:110)
==24194==    by 0x1D689C: fork_helper(int, char**) (x2goclient.cpp:89)
==24194==    by 0x130F66: main (x2goclient.cpp:123)
==24194==  Address 0x4a2ccd2 is 14 bytes before a block of size 488 alloc'd
==24194==    at 0x489DD28: operator new(unsigned long) (vg_replace_malloc.c:334)
==24194==    by 0x5F79687: QFrame::QFrame(QWidget*, QFlags<Qt::WindowType>) (in /usr/lib/libQt5Widgets.so.5.10.1)
==24194==    by 0x1ACDED: SVGFrame::SVGFrame(QString, bool, QWidget*, QFlags<Qt::WindowType>) (SVGFrame.cpp:29)
==24194==    by 0x16F44A: ONMainWindow::ONMainWindow(QWidget*) (onmainwindow.cpp:361)
==24194==    by 0x1BF5F3: x2goMain (ongetpass.cpp:110)
==24194==    by 0x1D689C: fork_helper(int, char**) (x2goclient.cpp:89)
==24194==    by 0x130F66: main (x2goclient.cpp:123)

InteractionDialog::InteractionDialog incorrectly casts parent widget to
ONMainWindows (it is in reality of type SVGFrame).

I am not sure what is the preferred fix, but one option for the fix is
as follows:

diff --git a/src/InteractionDialog.cpp b/src/InteractionDialog.cpp
index 6ab5d45..4e6ff07 100644
--- a/src/InteractionDialog.cpp
+++ b/src/InteractionDialog.cpp
@@ -32,12 +32,10 @@
 #endif
 #endif
 
-InteractionDialog::InteractionDialog(QWidget* parent): SVGFrame(":/img/svg/passform.svg",
+InteractionDialog::InteractionDialog(QWidget* parent, int miniMode): SVGFrame(":/img/svg/passform.svg",
             false,parent )
 {
-    mw=(ONMainWindow*)parent;
-
-    if ( !mw->retMiniMode() )
+    if ( !miniMode )
         setFixedSize ( this->sizeHint().width(),this->sizeHint().height()*1.5 );
     else
         setFixedSize ( 310,280 );
@@ -59,7 +57,7 @@ InteractionDialog::InteractionDialog(QWidget* parent): SVGFrame(":/img/svg/passf
     pal.setColor ( QPalette::Base, QColor ( 255,255,255,255 ) );
 
     QFont fnt=this->font();
-    if ( mw->retMiniMode() )
+    if ( miniMode )
 #ifdef Q_WS_HILDON
         fnt.setPointSize ( 10 );
 #else
diff --git a/src/InteractionDialog.h b/src/InteractionDialog.h
index c0238eb..14cee44 100644
--- a/src/InteractionDialog.h
+++ b/src/InteractionDialog.h
@@ -32,7 +32,7 @@ class InteractionDialog: public SVGFrame
     Q_OBJECT
 public:
     enum IMode {SESSION,BROKER};
-    InteractionDialog ( QWidget* parent=0);
+    InteractionDialog ( QWidget* parent=0, int miniMode=0);
     virtual ~InteractionDialog();
     void reset();
     void appendText(QString txt);
@@ -46,7 +46,6 @@ public:
         return interactionMode;
     }
 private:
-    ONMainWindow* mw;
     QTextEdit* textEdit;
     QPushButton* cancelButton;
     QLineEdit* textEntry;
diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
index 52e765c..00c6eb2 100644
--- a/src/onmainwindow.cpp
+++ b/src/onmainwindow.cpp
@@ -460,7 +460,7 @@ ONMainWindow::ONMainWindow ( QWidget *parent ) :QMainWindow ( parent )
     initPassDlg();
     initSelectSessDlg();
     initStatusDlg();
-    interDlg=new InteractionDialog(bgFrame);
+    interDlg=new InteractionDialog(bgFrame, miniMode);
     connect(interDlg, SIGNAL(closeInterractionDialog()), this, SLOT(slotCloseInteractionDialog()));
     username->addWidget ( interDlg );
 

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Tue Jan 31 17:01:33 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.