Thunar crashes when using menu to go to malformed GTK bookmark.

Thunar 4.17.7; Gentoo Linux amd64; GCC 11.2.0; glibc 2.33-r7

Going to a bookmark with an unescaped % sign causes Thunar to segfault, since g_file_get_basename() returns NULL for it, and strcmp() on a NULL pointer is UB.

~/.config/gtk-3.0/bookmarks:

file:///drv/secondary/%NEXTCLOUD

$ thunar
Segmentation fault

GDB:

Thread 1 "thunar" hit Breakpoint 1, thunar_file_info_reload (file=file@entry=0x7fffe0027430 [ThunarFile], cancellable=0x0) at thunar-file.c:1014
1014	  file->basename = g_file_get_basename (file->gfile);
(gdb) n
1018	  if (strcmp (file->basename, "kmsg") == 0
(gdb) n

Thread 1 "thunar" received signal SIGSEGV, Segmentation fault.
0x00007ffff6f3278a in ?? () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff6f3278a in  () at /lib64/libc.so.6
#1  0x00005555555a2a4c in thunar_file_info_reload
    (file=file@entry=0x7fffe0027430 [ThunarFile], cancellable=0x0) at thunar-file.c:1018
#2  0x00005555555a2def in thunar_file_get_async_finish
    (object=<optimized out>, result=<optimized out>, user_data=0x555555830ee0) at thunar-file.c:1132
#3  0x00007ffff7258c73 in g_task_return_now (task=0x555555b07980 [GTask])
    at ../glib-2.70.2/gio/gtask.c:1219
#4  0x00007ffff7258cc8 in complete_in_idle_cb (task=0x555555b07980) at ../glib-2.70.2/gio/gtask.c:1233
#5  0x00007ffff7023a95 in g_idle_dispatch
    (source=0x7fffd000a610, callback=0x7ffff7258cb0 <complete_in_idle_cb>, user_data=0x555555b07980)
    at ../glib-2.70.2/glib/gmain.c:5897
#6  0x00007ffff7020779 in g_main_dispatch (context=0x555555657b70) at ../glib-2.70.2/glib/gmain.c:3381
#7  0x00007ffff7021798 in g_main_context_dispatch (context=0x555555657b70)
    at ../glib-2.70.2/glib/gmain.c:4099
#8  0x00007ffff702199a in g_main_context_iterate
    (context=0x555555657b70, block=1, dispatch=1, self=0x55555564c6c0)
    at ../glib-2.70.2/glib/gmain.c:4175
#9  0x00007ffff7021a72 in g_main_context_iteration (context=0x555555657b70, may_block=1)
    at ../glib-2.70.2/glib/gmain.c:4240
#10 0x00007ffff72970da in g_application_run
    (application=0x555555670140 [ThunarApplication], argc=1, argv=0x7fffffffde88)
    at ../glib-2.70.2/gio/gapplication.c:2569
#11 0x000055555557da62 in main (argc=1, argv=0x7fffffffde88) at main.c:86
(gdb) print file->basename
$2 = (gchar *) 0x0

thunar/thunar-file.c:

1013   /* determine the basename */
1014   file->basename = g_file_get_basename (file->gfile);
1015   _thunar_assert (file->basename != NULL);
1016 
1017   /* problematic files with content type reading */
1018   if (strcmp (file->basename, "kmsg") == 0

This is a similar issue to what is reported in GTK+ here: https://gitlab.gnome.org/GNOME/gtk/-/issues/4643 .

There is a more detailed discussion on sanitizing g_file_get_basename() output in an older ticket here: https://gitlab.gnome.org/GNOME/glib/-/issues/2385 .

The malformed URI is caused by the Nextcloud desktop client, as reported here: https://github.com/nextcloud/desktop/issues/4184 .
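
The following is an added example, not Thunar or GLib code: a self-contained C sketch of the two checks this report points at, validating the percent-escapes of a bookmark URI and refusing to pass a NULL basename to strcmp(). The functions `uri_escapes_valid`, `uri_basename` (a hypothetical stand-in for g_file_get_basename() that returns NULL on malformed escapes, as reported above) and `basename_is_kmsg` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True when every '%' in uri starts a well-formed %XX escape. */
static bool uri_escapes_valid(const char *uri)
{
    for (const char *p = uri; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        /* || short-circuits at the terminating NUL, so there is no over-read */
        if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
            return false;
        p += 2;
    }
    return true;
}

/* Hypothetical stand-in for g_file_get_basename(): returns the last path
 * component, or NULL for a URI with malformed escapes (assumed behaviour,
 * modelled on what the report observed). */
static const char *uri_basename(const char *uri)
{
    if (uri == NULL || !uri_escapes_valid(uri))
        return NULL;
    const char *slash = strrchr(uri, '/');
    return slash != NULL ? slash + 1 : uri;
}

/* NULL-safe form of the comparison at thunar-file.c:1018.
 * Returns 1 for "kmsg", 0 for any other name, -1 when there is no basename,
 * so the caller can skip the entry instead of dereferencing NULL. */
static int basename_is_kmsg(const char *basename)
{
    if (basename == NULL)
        return -1;
    return strcmp(basename, "kmsg") == 0 ? 1 : 0;
}

int main(void)
{
    /* constructed sample lines; the first is the bookmark from the report */
    const char *bookmarks[] = { "file:///drv/secondary/%NEXTCLOUD",
                                "file:///drv/secondary/%25NEXTCLOUD",
                                "file:///proc/kmsg" };
    for (size_t i = 0; i < sizeof bookmarks / sizeof bookmarks[0]; i++)
        printf("%-36s -> %d\n", bookmarks[i],
               basename_is_kmsg(uri_basename(bookmarks[i])));
}
```

The -1 result is the case that crashed in the backtrace above: the basename is NULL, and the guard returns before strcmp() is reached.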