clipboard-manager: Use-after-free in g_str_hash
Description
I sometimes trigger this use-after-free in a guest VM when trying to copy text from LibreOffice Calc on my host machine to the guest.
It seems to coincide with the copy operation failing to place contents on the clipboard.
Backtrace
ERROR: AddressSanitizer: heap-use-after-free on address 0x5030008dd570 at pc 0x7907b265c78b bp 0x7ffc379403f0 sp 0x7ffc379403e0
READ of size 1 at 0x5030008dd570 thread T0
#0 0x7907b265c78a in g_str_hash glib/ghash.c:2474
#1 0x7907b264f131 in g_hash_table_lookup_node glib/ghash.c:421
#2 0x7907b2658063 in g_hash_table_lookup_extended glib/ghash.c:1525
#3 0x7907af6bcfc9 in intern_atom_internal gdk/gdkproperty.c:171
#4 0x7907af6bd137 in gdk_atom_intern gdk/gdkproperty.c:200
#5 0x7907b0363d69 in gtk_target_list_add_table gtk/gtkselection.c:556
#6 0x7907b0364f02 in gtk_selection_add_targets gtk/gtkselection.c:1004
#7 0x7907b05a9fef in gtk_clipboard_set_contents gtk/gtkclipboard.c:634
#8 0x7907b05aad5a in gtk_clipboard_set_with_data gtk/gtkclipboard.c:675
#9 0x7907af36e324 in owner_change libxfce4ui/xfce-clipboard-manager.c:1255
#10 0x7907b0d717e7 in g_cclosure_marshal_VOID__BOXED gobject/gmarshal.c:1628
#11 0x7907b0d62d09 in g_closure_invoke gobject/gclosure.c:833
#12 0x7907b0db7691 in signal_emit_unlocked_R gobject/gsignal.c:3902
#13 0x7907b0dbca23 in signal_emit_valist_unlocked gobject/gsignal.c:3534
#14 0x7907b0dcb2d3 in g_signal_emit_valist gobject/gsignal.c:3277
#15 0x7907b0dcb3fc in g_signal_emit gobject/gsignal.c:3597
#16 0x7907b05ad316 in _gtk_clipboard_handle_event gtk/gtkclipboard.c:2031
#17 0x7907b02393fc in gtk_main_do_event gtk/gtkmain.c:1709
#18 0x7907af6a6286 in _gdk_event_emit gdk/gdkevents.c:73
#19 0x7907af75fbe2 in gdk_event_source_dispatch gdk/x11/gdkeventsource.c:367
#20 0x7907b269eb58 in g_main_dispatch glib/gmain.c:3398
#21 0x7907b269eb58 in g_main_context_dispatch_unlocked glib/gmain.c:4249
#22 0x7907b26aba94 in g_main_context_iterate_unlocked glib/gmain.c:4314
#23 0x7907b26ad1f3 in g_main_loop_run glib/gmain.c:4516
#24 0x7907b02386bc in gtk_main gtk/gtkmain.c:1329
#25 0x640ed8e74b70 in main xfsettingsd/main.c:352
0x5030008dd570 is located 0 bytes inside of 19-byte region [0x5030008dd570,0x5030008dd583)
freed by thread T0 here:
#0 0x7907b2efc102 in free /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x7907b26c9ba2 in g_free glib/gmem.c:208
#2 0x7907b2739578 in g_strfreev glib/gstrfuncs.c:2559
#3 0x7907af36cb1b in selection_data_free libxfce4ui/xfce-clipboard-manager.c:176
#4 0x7907af36cc53 in clipboard_clear libxfce4ui/xfce-clipboard-manager.c:1196
#5 0x7907b05a90ea in clipboard_unset gtk/gtkclipboard.c:782
#6 0x7907b05a9f24 in gtk_clipboard_set_contents gtk/gtkclipboard.c:622
#7 0x7907b05aad5a in gtk_clipboard_set_with_data gtk/gtkclipboard.c:675
#8 0x7907af36e324 in owner_change libxfce4ui/xfce-clipboard-manager.c:1255
#9 0x7907b0d717e7 in g_cclosure_marshal_VOID__BOXED gobject/gmarshal.c:1628
#10 0x7907b0d62d09 in g_closure_invoke gobject/gclosure.c:833
#11 0x7907b0db7691 in signal_emit_unlocked_R gobject/gsignal.c:3902
#12 0x7907b0dbca23 in signal_emit_valist_unlocked gobject/gsignal.c:3534
#13 0x7907b0dcb2d3 in g_signal_emit_valist gobject/gsignal.c:3277
#14 0x7907b0dcb3fc in g_signal_emit gobject/gsignal.c:3597
#15 0x7907b05ad316 in _gtk_clipboard_handle_event gtk/gtkclipboard.c:2031
#16 0x7907b02393fc in gtk_main_do_event gtk/gtkmain.c:1709
#17 0x7907af6a6286 in _gdk_event_emit gdk/gdkevents.c:73
#18 0x7907af75fbe2 in gdk_event_source_dispatch gdk/x11/gdkeventsource.c:367
#19 0x7907b269eb58 in g_main_dispatch glib/gmain.c:3398
#20 0x7907b269eb58 in g_main_context_dispatch_unlocked glib/gmain.c:4249
#21 0x7907b26aba94 in g_main_context_iterate_unlocked glib/gmain.c:4314
#22 0x7907b26ad1f3 in g_main_loop_run glib/gmain.c:4516
#23 0x7907b02386bc in gtk_main gtk/gtkmain.c:1329
#24 0x640ed8e74b70 in main xfsettingsd/main.c:352
previously allocated by thread T0 here:
#0 0x7907b2efd721 in malloc /usr/src/debug/gcc/gcc/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7907b26c9abd in g_malloc glib/gmem.c:100
#2 0x7907b27335cc in g_strdup glib/gstrfuncs.c:323
#3 0x7907af6bd230 in g_strdup_inline /usr/local/include/glib-2.0/glib/gstrfuncs.h:321
#4 0x7907af6bd230 in gdk_atom_name gdk/gdkproperty.c:243
#5 0x7907af36dd16 in owner_change libxfce4ui/xfce-clipboard-manager.c:1244
#6 0x7907b0d717e7 in g_cclosure_marshal_VOID__BOXED gobject/gmarshal.c:1628
#7 0x7907b0d62d09 in g_closure_invoke gobject/gclosure.c:833
#8 0x7907b0db7691 in signal_emit_unlocked_R gobject/gsignal.c:3902
#9 0x7907b0dbca23 in signal_emit_valist_unlocked gobject/gsignal.c:3534
#10 0x7907b0dcb2d3 in g_signal_emit_valist gobject/gsignal.c:3277
#11 0x7907b0dcb3fc in g_signal_emit gobject/gsignal.c:3597
#12 0x7907b05ad316 in _gtk_clipboard_handle_event gtk/gtkclipboard.c:2031
#13 0x7907b02393fc in gtk_main_do_event gtk/gtkmain.c:1709
#14 0x7907af6a6286 in _gdk_event_emit gdk/gdkevents.c:73
#15 0x7907af75fbe2 in gdk_event_source_dispatch gdk/x11/gdkeventsource.c:367
#16 0x7907b269eb58 in g_main_dispatch glib/gmain.c:3398
#17 0x7907b269eb58 in g_main_context_dispatch_unlocked glib/gmain.c:4249
#18 0x7907b26aba94 in g_main_context_iterate_unlocked glib/gmain.c:4314
#19 0x7907b26ad1f3 in g_main_loop_run glib/gmain.c:4516
#20 0x7907b02386bc in gtk_main gtk/gtkmain.c:1329
#21 0x640ed8e74b70 in main xfsettingsd/main.c:352
Version info
06925588 compiled on Arch Linux
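Added example, not part of the original report and not the libxfce4ui code: a simplified C model of the ordering the three stacks above show, where a string allocated in owner_change is freed by the clear callback that set_contents runs for the previous owner and is then hashed later in the same call. All types and function names here (struct clip, struct mgr, clip_set, owner_change_unsafe, owner_change_safe) are hypothetical, one string stands in for the target array, and the safe variant is one possible ordering, not the project's fix.

```c
#include <stdlib.h>
#include <string.h>

typedef void (*clear_fn)(void *user);
struct clip { clear_fn clear; void *user; size_t hash; }; /* toy clipboard */
struct mgr { char *target; };        /* one cached target name, for brevity */

static void mgr_clear(void *user) {  /* plays the role of clipboard_clear */
    struct mgr *m = user;
    free(m->target);
    m->target = NULL;
}

/* Like set_contents in the trace: unset the old owner, then read the target. */
static void clip_set(struct clip *c, const char *t, clear_fn f, void *u) {
    if (c->clear) c->clear(c->user); /* may free the string t points to */
    c->clear = f; c->user = u; c->hash = 5381;
    for (; *t; t++) c->hash = c->hash * 33 + (unsigned char)*t; /* string hash */
}

static char *dup_name(const char *name) {
    char *s = malloc(strlen(name) + 1);
    if (!s) abort();
    return strcpy(s, name);
}

/* Unsafe: the new string is stored where the old-owner clear callback frees it. */
void owner_change_unsafe(struct clip *c, struct mgr *m, const char *name) {
    free(m->target);
    m->target = dup_name(name);
    clip_set(c, m->target, mgr_clear, m); /* use-after-free from the 2nd call on */
}

/* Safe: release old state first, publish the new string only after the call. */
size_t owner_change_safe(struct clip *c, struct mgr *m, const char *name) {
    char *fresh = dup_name(name);
    if (c->clear) { c->clear(c->user); c->clear = NULL; }
    clip_set(c, fresh, mgr_clear, m);
    m->target = fresh;
    return c->hash;
}

int main(void) {
    struct clip c = {0}; struct mgr m = {0};
    owner_change_safe(&c, &m, "UTF8_STRING");   /* constructed sample names */
    owner_change_safe(&c, &m, "text/plain");    /* old owner cleared safely */
    mgr_clear(&m);
    return 0;
}
```

Built with -fsanitize=address, two consecutive calls to owner_change_unsafe on the same clip and mgr produce a heap-use-after-free report with the same read, free and allocation ordering as the trace above.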