heap-use-after-free when unmounting external hard drive
Issue Description
I am able to trigger a crash when unmounting an external hard drive via its desktop icon.
Steps to Reproduce Issue
- Connect an external hard drive to your computer
- Mount the drive by selecting "Mount Volume" in the desktop icon's context menu
- Right-click on the icon and select "Unmount Volume" to trigger a use-after-free
Expected Behavior
No crash
Additional Information
It looks like the g_object_unref call on line 73 may be incorrect:
69     } else if (G_IS_FILE_ICON(icon)) {
70         GFile *icon_file = g_file_icon_get_file(G_FILE_ICON(icon));
71         if (icon_file != NULL) {
72             icon_name = g_file_get_path(icon_file);
73             g_object_unref(icon_file);
74         }
75     }
The docs for g_file_icon_get_file say that the return value is owned by the instance.
Backtrace
ERROR: AddressSanitizer: heap-use-after-free on address 0x7baa83198b00 at pc 0x7f7a89d9ef8a bp 0x7ffc3b09ef60 sp 0x7ffc3b09ef58
READ of size 8 at 0x7baa83198b00 thread T0
#0 0x7f7a89d9ef89 in g_type_check_instance_is_fundamentally_a glib/gobject/gtype.c:3915:41
#1 0x7f7a89d223ff in g_object_unref glib/gobject/gobject.c:4743:3
#2 0x7f7a8a583e93 in g_file_icon_finalize glib/gio/gfileicon.c:135:5
#3 0x7f7a89d22d0e in g_object_unref glib/gobject/gobject.c:4904:3
#4 0x7b7a7292a468 in g_proxy_mount_update gvfs/monitor/proxy/gproxymount.c:206:5
#5 0x7b7a7293ad79 in mount_changed gvfs/monitor/proxy/gproxyvolumemonitor.c:555:7
0x7baa83198b00 is located 0 bytes inside of 32-byte region [0x7baa83198b00,0x7baa83198b20)
freed by thread T0 here:
#0 0x7f7a8ad74a6d (/usr/lib/clang/21/lib/linux/libclang_rt.asan-x86_64.so+0x174a6d)
#1 0x7f7a89998048 in g_free_sized glib/glib/gmem.c:238:3
#2 0x7f7a89d899e2 in g_type_free_instance glib/gobject/gtype.c:1979:5
#3 0x7f7a89d22de1 in g_object_unref glib/gobject/gobject.c:4920:3
#4 0x5601181b4961 in icon_name_for_gicon xfdesktop/src/xfdesktop-notify.c:73:13
#5 0x5601181b4961 in show_notification xfdesktop/src/xfdesktop-notify.c:89:28
#6 0x5601181b45c0 in xfdesktop_notify_unmount xfdesktop/src/xfdesktop-notify.c:167:18
#7 0x5601181b17cf in xfdesktop_volume_icon_menu_unmount xfdesktop/src/xfdesktop-volume-icon.c:619:9
[...snip...]
previously allocated by thread T0 here:
#0 0x7f7a8ad75d6d in calloc
#1 0x7f7a89997f8a in g_malloc0 glib/glib/gmem.c:133:13
#2 0x7f7a89d87e40 in g_type_create_instance glib/gobject/gtype.c:1882:17
#3 0x7f7a89d26825 in g_object_new_internal glib/gobject/gobject.c:2665:24
#4 0x7f7a89d248db in g_object_new_with_properties glib/gobject/gobject.c:2827:14
#5 0x7f7a89d248db in g_object_new glib/gobject/gobject.c:2476:12
#6 0x7f7a8a8b8afc in _g_local_file_new glib/gio/glocalfile.c:236:11
#7 0x7f7a8a8de789 in g_local_vfs_get_file_for_path glib/gio/glocalvfs.c:88:12
#8 0x7f7a8a6db854 in g_vfs_get_file_for_path glib/gio/gvfs.c:165:10
#9 0x7f7a825b516b in g_daemon_vfs_get_file_for_path gvfs/client/gdaemonvfs.c:383:10
#10 0x7f7a8a6db854 in g_vfs_get_file_for_path glib/gio/gvfs.c:165:10
#11 0x7f7a8a5680bf in g_file_new_for_path glib/gio/gfile.c:7229:10
#12 0x7f7a8a5680bf in new_for_cmdline_arg glib/gio/gfile.c:7665:12
#13 0x7f7a8a56806f in g_file_new_for_commandline_arg glib/gio/gfile.c:7714:10
#14 0x7f7a8a5aad44 in g_icon_new_for_string_simple glib/gio/gicon.c:413:18
#15 0x7f7a8a5aa4a3 in g_icon_new_for_string glib/gio/gicon.c:450:10
#16 0x7b7a7292a60a in g_proxy_mount_update gvfs/monitor/proxy/gproxymount.c:220:19
#17 0x7b7a7293ad79 in mount_changed gvfs/monitor/proxy/gproxyvolumemonitor.c:555:7
[...snip...]
Environment & Versions
- OS distribution and version: Arch Linux
- Overall Xfce version: 4.21
- xfdesktop version (git hash if not a release): 1628a392
- thunar version (if issue related to file/launcher icons): 7f6940ace
- Windowing system (X11/Wayland): X11
- Compositor and version (if Wayland): N/A
- GTK Theme: Adwaita
- Icon Theme: elementary
- UI Scale Factor: 1x
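The reference accounting behind the backtrace above, as an added example that is not part of the original report and is not xfdesktop or GLib code. It is a self-contained model without GLib: `Obj`, `FileIcon`, `read_icon_path` and `simulate` are hypothetical names, and the model sets a `finalized` flag instead of freeing memory so the over-release can be counted safely.

```c
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>

/* Minimal stand-in for GObject reference counting (model only, no GLib). */
typedef struct { int refs; bool finalized; } Obj;
static int invalid_unrefs;   /* unrefs that hit an already-finalized object */

static void obj_unref(Obj *o) {
    if (o->finalized) { invalid_unrefs++; return; }  /* the access ASan flags */
    if (--o->refs == 0) o->finalized = true;         /* real code frees here */
}

/* Stand-in for GFileIcon: holds one owned reference to its file. */
typedef struct { Obj base; Obj *file; } FileIcon;

/* Like g_file_icon_get_file(): borrowed pointer, refcount unchanged. */
static Obj *file_icon_get_file(FileIcon *icon) { return icon->file; }

/* Dropping the last icon reference releases the file reference it owns,
 * as g_file_icon_finalize() does in the backtrace. */
static void file_icon_unref(FileIcon *icon) {
    if (--icon->base.refs == 0) { icon->base.finalized = true; obj_unref(icon->file); }
}

/* Caller shaped like icon_name_for_gicon(); `buggy` keeps the extra unref. */
static void read_icon_path(FileIcon *icon, bool buggy) {
    Obj *file = file_icon_get_file(icon);
    if (file != NULL) {
        /* ... read the path while the icon keeps the file alive ... */
        if (buggy) obj_unref(file);  /* releases a reference this caller never took */
    }
}

/* Returns how many invalid unrefs have occurred once the icon is finalized. */
int simulate(bool buggy) {
    Obj file = { 1, false };                 /* the one reference, owned by the icon */
    FileIcon icon = { { 1, false }, &file };
    invalid_unrefs = 0;
    read_icon_path(&icon, buggy);
    file_icon_unref(&icon);                  /* later: the icon's owner drops it */
    return invalid_unrefs;
}

int main(void) {
    printf("buggy: %d invalid unref(s), fixed: %d\n", simulate(true), simulate(false));
    return 0;
}
```

The invalid unref is counted when the icon is finalized, not inside the caller that over-released, which matches the report: the free is attributed to `icon_name_for_gicon` while the faulting read happens later under `g_file_icon_finalize`.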