Bug 468346 - Invalid .desktop files can crash the calling app when trying to show the properties dialog for them
Status: RESOLVED DUPLICATE of bug 465290
Alias: None
Product: frameworks-kio
Classification: Frameworks and Libraries
Component: Properties dialog
Version: 5.105.0
Platform: Arch Linux Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KIO Bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-10 03:51 UTC by David Rubio
Modified: 2023-12-13 15:31 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
use this to reproduce issue (719 bytes, application/x-desktop)
2023-04-10 03:51 UTC, David Rubio
The sign symbol inside of the Exec parameter causes the crash (255 bytes, application/x-desktop)
2023-08-05 11:40 UTC, Redo11

Description David Rubio 2023-04-10 03:51:02 UTC
Created attachment 157985
use this to reproduce issue

SUMMARY
Pretty much the title. If the Exec= file of a .desktop file contains ' at the start and end, AND the application contains switches (--example), plasmashell will segfault when trying to edit them (right click, "edit application") from the kickoff menu.

I haven't been able to get debug logs yet, but so far two people I know have been able to reproduce this issue. A file is attached to this bug report which should reproduce it.

The main issue here is that that "Edit Application" dialog is what added the single commas to the start and end of the Exec line, therefore making it possible for someone to make an application invalid and be unable to edit it if they're unaware of the location of the desktop file on the filesystem (this could be a separate bug, let me know)

STEPS TO REPRODUCE
1. Create a .desktop file with an Exec line that starts and ends on a single comma (') and that contains command line switches (--example)
2. Open kickoff, search the malformed .desktop file and right click it, selecting Edit Application

OBSERVED RESULT
plasmashell segfaults

EXPECTED RESULT
no crash occurs, instead plasmashell should let 

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Linux 6.2.10-arch1-1 (64-bit)
(available in About System)
KDE Plasma Version: 5.27.4
KDE Frameworks Version: 5.104.0
Qt Version: 5.15.8

ADDITIONAL INFORMATION
A file is attached to this bug report which should reproduce the issue described.
Comment 1 Nate Graham 2023-04-10 20:24:23 UTC
Can reproduce the issue with the provided desktop file. Crash backtrace:

#0  __GI___pthread_sigmask (how=1, newmask=<optimized out>, oldmask=0x0) at pthread_sigmask.c:43
#1  0x00007fc5a265fd1d in __GI___sigprocmask (how=<optimized out>, set=<optimized out>, oset=<optimized out>) at ../sysdeps/unix/sysv/linux/sigprocmask.c:25
#2  0x00007fc5a57cce18 in KCrash::setCrashHandler(void (*)(int)) (handler=handler@entry=0x0) at /home/nate/kde/src/kcrash/src/kcrash.cpp:414
#3  0x00007fc5a57cd969 in KCrash::defaultCrashHandler(int) (sig=11) at /home/nate/kde/src/kcrash/src/kcrash.cpp:625
#4  0x00007fc5a265fb20 in <signal handler called> () at /lib64/libc.so.6
#5  0x00007fc5a4104a24 in QWidgetLineControl::internalSetText(QString const&, int, bool) (this=0xaa5a530, txt=..., pos=pos@entry=-1, edited=edited@entry=false) at widgets/qwidgetlinecontrol.cpp:766
#6  0x00007fc5a40f72f8 in QWidgetLineControl::setText(QString const&) (txt=..., this=<optimized out>)
    at ../../include/QtWidgets/5.15.8/QtWidgets/private/../../../../../src/widgets/widgets/qwidgetlinecontrol_p.h:251
#7  0x00007fc5a40fb40d in QLineEdit::setText(QString const&) (this=this@entry=0xaa5a260, text=...) at widgets/qlineedit.cpp:317
#8  0x00007fc5a25b1893 in KDEPrivate::KDesktopPropsPlugin::KDesktopPropsPlugin(KPropertiesDialog*) (this=<optimized out>, _props=<optimized out>)
    at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:3411
#9  0x00007fc5a25b4cf8 in KPropertiesDialogPrivate::insertPages() (this=this@entry=0xa222c60) at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:640
#10 0x00007fc5a25b520a in KPropertiesDialogPrivate::init() (this=0xa222c60) at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:435
#11 0x00007fc5a25b5ba9 in KPropertiesDialog::KPropertiesDialog(QUrl const&, QWidget*) (this=0x6c1c090, _url=<optimized out>, parent=<optimized out>) at /usr/include/c++/12/bits/unique_ptr.h:191
#12 0x00007fc5a25b5c3d in KPropertiesDialog::showDialog(QUrl const&, QWidget*, bool) (_url=..., parent=parent@entry=0x0, modal=modal@entry=false)
    at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:389
#13 0x00007fc51f7ce420 in MenuEntryEditor::edit(QString const&, QString const&)
    (this=this@entry=0x7fc51f808290 <Kicker::(anonymous namespace)::Q_QGS_menuEntryEditor::innerFunction()::holder>, entryPath=..., menuId=...)
    at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/menuentryeditor.cpp:42
#14 0x00007fc51f7a1e7a in Kicker::editApplication(QString const&, QString const&) (entryPath=..., menuId=...) at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/actionlist.cpp:386
#15 0x00007fc51f7a1f4b in Kicker::handleEditApplicationAction(QString const&, QExplicitlySharedDataPointer<KService> const&) (actionId=..., service=...)
    at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/actionlist.cpp:405
#16 0x00007fc51f7d59f0 in RunnerMatchesModel::trigger(int, QString const&, QVariant const&) (this=<optimized out>, row=<optimized out>, actionId=..., argument=...)
    at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/runnermatchesmodel.cpp:209
#17 0x00007fc51f79b6d8 in RunnerMatchesModel::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=<optimized out>, _c=<optimized out>, _id=<optimized out>, _a=0x7ffdac258a00)
    at /home/nate/kde/build5/plasma-workspace/applets/kicker/kickerplugin_autogen/7RBZBFH7CH/moc_runnermatchesmodel.cpp:90
#18 0x00007fc51f79ec83 in RunnerMatchesModel::qt_metacall(QMetaObject::Call, int, void**) (this=0x8f1b7c0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7ffdac258a00)
    at /home/nate/kde/build5/plasma-workspace/applets/kicker/kickerplugin_autogen/7RBZBFH7CH/moc_runnermatchesmodel.cpp:149
#19 0x00007fc5a4ce96f3 in QQmlObjectOrGadget::metacall(QMetaObject::Call, int, void**) const (this=this@entry=0x7ffdac258ca0, type=type@entry=QMetaObject::InvokeMetaMethod, index=<optimized out>, 
    index@entry=67, argv=<optimized out>) at qml/qqmlobjectorgadget.cpp:51
#20 0x00007fc5a4bc1b39 in CallMethod
    (callType=<optimized out>, callArgs=0x7ffdac258a00, engine=<optimized out>, argTypes=<optimized out>, argCount=<optimized out>, returnType=<optimized out>, index=<optimized out>, object=...)
    at /usr/include/qt5/QtCore/qvarlengtharray.h:189
#21 CallPrecise(QQmlObjectOrGadget const&, QQmlPropertyData const&, QV4::ExecutionEngine*, QV4::CallData*, QMetaObject::Call)
    (object=..., data=<optimized out>, engine=engine@entry=0x24a3c80, callArgs=callArgs@entry=0x7fc5881be668, callType=callType@entry=QMetaObject::InvokeMetaMethod)
    at jsruntime/qv4qobjectwrapper.cpp:1553
#22 0x00007fc5a4bc3a60 in CallOverloaded (callType=<optimized out>, propertyCache=<optimized out>, callArgs=<optimized out>, engine=<optimized out>, data=<optimized out>, object=<optimized out>)
    at jsruntime/qv4qobjectwrapper.cpp:1629
#23 QV4::QObjectMethod::callInternal(QV4::Value const*, QV4::Value const*, int) const (this=<optimized out>, thisObject=<optimized out>, argv=<optimized out>, argc=<optimized out>)
    at jsruntime/qv4qobjectwrapper.cpp:2117
#24 0x00007fc5a4be0a5d in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (argc=<optimized out>, argv=<optimized out>, thisObject=<optimized out>, this=<optimized out>)
    at ../../include/QtQml/5.15.8/QtQml/private/../../../../../src/qml/jsruntime/qv4functionobject_p.h:202
#25 QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x3979660, frame@entry=0x7ffdac258f60, engine=0x24a3c80, code=0x3881cd0 "pҴ\244\305\177")
    at jsruntime/qv4vme_moth.cpp:757
#26 0x00007fc5a4be41c7 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (frame=frame@entry=0x7ffdac258f60, engine=engine@entry=0x24a3c80) at jsruntime/qv4vme_moth.cpp:466
#27 0x00007fc5a4b763e8 in QV4::ArrowFunction::virtualCall(QV4::FunctionObject const*, QV4::Value const*, QV4::Value const*, int)
    (fo=<optimized out>, thisObject=<optimized out>, argv=<optimized out>, argc=<optimized out>) at jsruntime/qv4functionobject.cpp:528
#28 0x00007fc5a4be0a5d in QV4::FunctionObject::call(QV4::Value const*, QV4::Value const*, int) const (argc=<optimized out>, argv=<optimized out>, thisObject=<optimized out>, this=<optimized out>)
    at ../../include/QtQml/5.15.8/QtQml/private/../../../../../src/qml/jsruntime/qv4functionobject_p.h:202
#29 QV4::Moth::VME::interpret(QV4::CppStackFrame*, QV4::ExecutionEngine*, char const*) (frame=0x3979660, frame@entry=0x7ffdac259190, engine=0x24a3c80, code=0x8b743d0 "\360ش\244\305\177")
    at jsruntime/qv4vme_moth.cpp:757
#30 0x00007fc5a4be41c7 in QV4::Moth::VME::exec(QV4::CppStackFrame*, QV4::ExecutionEngine*) (frame=frame@entry=0x7ffdac259190, engine=engine@entry=0x24a3c80) at jsruntime/qv4vme_moth.cpp:466
#31 0x00007fc5a4b75636 in QV4::Function::call(QV4::Value const*, QV4::Value const*, int, QV4::ExecutionContext const*)
    (this=this@entry=0x4190a60, thisObject=<optimized out>, argv=argv@entry=0x7fc5881be500, argc=<optimized out>, context=<optimized out>) at jsruntime/qv4function.cpp:69
#32 0x00007fc5a4d04171 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) (this=this@entry=0x9b148b0, callData=callData@entry=0x7fc5881be4d0, isUndefined=isUndefined@entry=0x0)
    at qml/qqmljavascriptexpression.cpp:212
#33 0x00007fc5a4cb4b0f in QQmlBoundSignalExpression::evaluate(void**) (this=<optimized out>, a=a@entry=0x0) at ../../include/QtQml/5.15.8/QtQml/private/../../../../../src/qml/jsruntime/qv4jscall_p.h:95
#34 0x00007fc5a4cb6298 in QQmlBoundSignal_callback(QQmlNotifierEndpoint*, void**) (e=0x9b14630, a=0x0)
    at ../../include/QtQml/5.15.8/QtQml/private/../../../../../src/qml/qml/qqmlboundsignalexpressionpointer_p.h:69
#35 0x00007fc5a4ce91bf in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) (endpoint=<optimized out>, a=0x0) at qml/qqmlnotifier.cpp:104
#36 0x00007fc5a2ed0b70 in doActivate<false>(QObject*, int, void**) (sender=0x962d830, signal_index=30, argv=0x0) at kernel/qobject.cpp:3815
#37 0x00007fc5a2ed0e96 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7ffdac25aea0, r=<optimized out>, this=0x962de00) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#38 doActivate<false>(QObject*, int, void**) (sender=0x8339330, signal_index=4, argv=0x7ffdac25aea0) at kernel/qobject.cpp:3923
#39 0x00007fc5a2ecbe27 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**)
    (sender=sender@entry=0x8339330, m=m@entry=0x7fc5a44d5240 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffdac25aea0) at kernel/qobject.cpp:3983
#40 0x00007fc5a3fa82f6 in QAction::triggered(bool) (this=this@entry=0x8339330, _t1=<optimized out>) at .moc/moc_qaction.cpp:376
#41 0x00007fc5a3faafb3 in QAction::activate(QAction::ActionEvent) (this=0x8339330, event=<optimized out>) at kernel/qaction.cpp:1161
#42 0x00007fc5a4135102 in QMenuPrivate::activateCausedStack(QVector<QPointer<QWidget> > const&, QAction*, QAction::ActionEvent, bool)
    (this=this@entry=0x7ac1e60, causedStack=..., action=action@entry=0x8339330, action_e=action_e@entry=QAction::Trigger, self=self@entry=true) at widgets/qmenu.cpp:1384
#43 0x00007fc5a413cfdc in QMenuPrivate::activateAction(QAction*, QAction::ActionEvent, bool) (this=0x7ac1e60, action=0x8339330, action_e=QAction::Trigger, self=<optimized out>) at widgets/qmenu.cpp:1461
#44 0x00007fc5a3ff1938 in QWidget::event(QEvent*) (this=0x62ddd00, event=0x7ffdac25b480) at kernel/qwidget.cpp:9045
#45 0x00007fc5a3faed62 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x1fc6e50, receiver=receiver@entry=0x62ddd00, e=e@entry=0x7ffdac25b480) at kernel/qapplication.cpp:3640
#46 0x00007fc5a3fb73d2 in QApplication::notify(QObject*, QEvent*) (this=<optimized out>, receiver=0x62ddd00, e=<optimized out>) at kernel/qapplication.cpp:3084
#47 0x00007fc5a2e9d4e8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x62ddd00, event=0x7ffdac25b480) at kernel/qcoreapplication.cpp:1064
#48 0x00007fc5a2e9d6f2 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1474
#49 0x00007fc5a3fb54d2 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool)
    (receiver=0x62ddd00, event=event@entry=0x7ffdac25b480, alienWidget=<optimized out>, nativeWidget=0x62ddd00, buttonDown=buttonDown@entry=0x7fc5a450d330 <qt_button_down>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false) at kernel/qapplication.cpp:2622
#50 0x00007fc5a400b0f5 in QWidgetWindow::handleMouseEvent(QMouseEvent*) (this=this@entry=0x91f9190, event=event@entry=0x7ffdac25b730) at kernel/qwidgetwindow.cpp:580
#51 0x00007fc5a400e060 in QWidgetWindow::event(QEvent*) (this=0x91f9190, event=0x7ffdac25b730) at kernel/qwidgetwindow.cpp:300
#52 0x00007fc5a3faed62 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x91f9190, e=0x7ffdac25b730) at kernel/qapplication.cpp:3640
#53 0x00007fc5a2e9d4e8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x91f9190, event=0x7ffdac25b730) at kernel/qcoreapplication.cpp:1064
#54 0x00007fc5a2e9d6f2 in QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (receiver=<optimized out>, event=<optimized out>) at kernel/qcoreapplication.cpp:1474
#55 0x00007fc5a336ad6d in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (e=0x7fc584014970) at kernel/qguiapplication.cpp:2278
#56 0x00007fc5a3349f1c in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=...) at kernel/qwindowsysteminterface.cpp:1169
#57 0x00007fc5a495f604 in userEventSourceDispatch(_GSource*, int (*)(void*), void*) () at /lib64/libQt5WaylandClient.so.5
#58 0x00007fc5a21a7c7f in g_main_dispatch (context=0x7fc58c005010) at ../glib/gmain.c:3454
#59 g_main_context_dispatch (context=0x7fc58c005010) at ../glib/gmain.c:4172
#60 0x00007fc5a21fe118 in g_main_context_iterate.constprop.0 (context=0x7fc58c005010, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4248
#61 0x00007fc5a21a4f00 in g_main_context_iteration (context=0x7fc58c005010, may_block=1) at ../glib/gmain.c:4313
#62 0x00007fc5a2eee5fa in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x1ff74f0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#63 0x00007fc5a2e9bf3a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffdac25bac0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#64 0x00007fc5a2ea4002 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#65 0x00007fc5a335fad0 in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1863
#66 0x00007fc5a3faecd9 in QApplication::exec() () at kernel/qapplication.cpp:2832
#67 0x0000000000423dd9 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at /home/nate/kde/src/plasma-workspace/shell/main.cpp:235
Comment 2 Nate Graham 2023-04-10 20:27:59 UTC
Relevant part:

#7  0x00007fc5a40fb40d in QLineEdit::setText(QString const&) (this=this@entry=0xaa5a260, text=...) at widgets/qlineedit.cpp:317
#8  0x00007fc5a25b1893 in KDEPrivate::KDesktopPropsPlugin::KDesktopPropsPlugin(KPropertiesDialog*) (this=<optimized out>, _props=<optimized out>)
    at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:3411
#9  0x00007fc5a25b4cf8 in KPropertiesDialogPrivate::insertPages() (this=this@entry=0xa222c60) at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:640
#10 0x00007fc5a25b520a in KPropertiesDialogPrivate::init() (this=0xa222c60) at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:435
#11 0x00007fc5a25b5ba9 in KPropertiesDialog::KPropertiesDialog(QUrl const&, QWidget*) (this=0x6c1c090, _url=<optimized out>, parent=<optimized out>) at /usr/include/c++/12/bits/unique_ptr.h:191
#12 0x00007fc5a25b5c3d in KPropertiesDialog::showDialog(QUrl const&, QWidget*, bool) (_url=..., parent=parent@entry=0x0, modal=modal@entry=false)
    at /home/nate/kde/src/kio/src/widgets/kpropertiesdialog.cpp:389
#13 0x00007fc51f7ce420 in MenuEntryEditor::edit(QString const&, QString const&)
    (this=this@entry=0x7fc51f808290 <Kicker::(anonymous namespace)::Q_QGS_menuEntryEditor::innerFunction()::holder>, entryPath=..., menuId=...)
    at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/menuentryeditor.cpp:42
#14 0x00007fc51f7a1e7a in Kicker::editApplication(QString const&, QString const&) (entryPath=..., menuId=...) at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/actionlist.cpp:386
#15 0x00007fc51f7a1f4b in Kicker::handleEditApplicationAction(QString const&, QExplicitlySharedDataPointer<KService> const&) (actionId=..., service=...)
    at /home/nate/kde/src/plasma-workspace/applets/kicker/plugin/actionlist.cpp:405

I can crash Dolphin too.
Comment 3 Paul Worrall 2023-05-08 09:13:06 UTC
*** Bug 469451 has been marked as a duplicate of this bug. ***
Comment 4 Redo11 2023-08-05 11:40:03 UTC
Created attachment 160756
The sign symbol inside of the Exec parameter causes the crash
Comment 5 Nate Graham 2023-12-13 15:31:28 UTC
It's actually not the quotes, but rather the equals sign

*** This bug has been marked as a duplicate of bug 465290 ***
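
Added example, not part of the bug report or of KIO's code: a small Python linter that checks an Exec value against the Desktop Entry Specification's quoting rules and flags the two patterns reported in this thread (a value wrapped in single quotes, and an equals sign). The sample entry, function names and finding names are constructed for illustration; the equals-sign check on arguments is a triage heuristic based on Comment 5, not a statement of the root cause.

```python
"""Lint the Exec= value of a .desktop entry before opening it in a GUI editor."""

# Reserved characters from the Desktop Entry Specification's Exec quoting rules.
# Space is left out because, unquoted, it only separates arguments.
RESERVED = set("\t\n\"'\\><~|&;$*?#()`")

# Constructed sample that follows the reproduction steps in the description.
SAMPLE = """
[Desktop Entry]
Type=Application
Name=Example
Exec='exampleapp --example --mode=fast'
"""


def exec_value(desktop_text):
    """Return the Exec value from the [Desktop Entry] group, or None."""
    group = None
    for line in desktop_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group == "Desktop Entry" and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep and key.strip() == "Exec":
                return value.strip()
    return None


def lint_exec(value):
    """Return (finding, index) tuples for one Exec value; empty means clean."""
    findings = []
    if len(value) >= 2 and value[0] == "'" and value[-1] == "'":
        findings.append(("whole-value-single-quoted", 0))
    quote_start, first_arg_done, i = None, False, 0
    while i < len(value):
        ch = value[i]
        if quote_start is not None:
            if ch == "\\":
                i += 1  # skip the escaped character inside double quotes
            elif ch == '"':
                quote_start = None
        elif ch == '"':
            quote_start = i
        elif ch == " ":
            first_arg_done = True
        elif ch in RESERVED:
            findings.append(("unquoted-reserved", i))
        elif ch == "=":
            # In the program name the spec forbids "="; in an argument it is
            # only the pattern Comment 5 points at (heuristic, assumption).
            kind = "equals-in-argument" if first_arg_done else "equals-in-program-name"
            findings.append((kind, i))
        i += 1
    if quote_start is not None:
        findings.append(("unterminated-double-quote", quote_start))
    return findings


if __name__ == "__main__":
    print(lint_exec(exec_value(SAMPLE)))
```

The linter works on the raw value as written in the file and does not apply the string-level escape processing (`\s`, `\n`, `\\`) that the specification performs before the Exec quoting rules.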