Description: Fix crash when exporting the private key. In ca_on_extractprivatekey1_activate, when calling gtk_tree_model_get, GLib attempts to assign a guint64 value to a variable declared gint (CA_MODEL_COLUMN_ID is defined as type G_TYPE_UINT64 in the tree store). This corrupts the stack and also invalidates the iter. . While investigating this, I noticed that the program happily leaks GtkTreeIter's. Every time the user selects a certificate from the tree view, the callback ca_treeview_selection_change invokes __ca_selection_type which makes a copy of the iter with gtk_tree_iter_copy. If the user chooses some action from the popup menu, the toolbar or the main menu, __ca_selection_type is called once again in the widget's callback function, copying another iter. AFAICT these are never freed for the lifetime of the program. . This is not addressed by the patch as it would require some changes, but it could be a source of trouble and something to watch out if bugs like this pop up. According to the GTK+ API documentation, gtk_tree_iter_copy is not supposed to be used by applications; GtkTreeIter structs should be copied by value. Bug-Debian: https://bugs.debian.org/855200 Author: Yavor Doganov Forwarded: gnomint-devel@lists.sourceforge.net Last-Update: 2018-09-02 --- --- gnomint-1.3.0.orig/src/ca.c +++ gnomint-1.3.0/src/ca.c @@ -922,7 +922,7 @@ GObject *widget = NULL; gchar * filename = NULL; GtkDialog * dialog = NULL; - gint id; + guint64 id; gchar * strerror = NULL; widget = gtk_builder_get_object (main_window_gtkb, "main_window1"); @@ -973,7 +973,7 @@ GObject *widget = NULL; gchar * filename = NULL; GtkDialog * dialog = NULL; - gint id; + guint64 id; gchar * error_msg = NULL; widget = gtk_builder_get_object (main_window_gtkb, "main_window1"); @@ -1022,7 +1022,7 @@ GObject *widget = NULL; gchar * filename = NULL; GtkDialog * dialog = NULL; - gint id; + guint64 id; gchar *error_msg = NULL; @@ -1181,7 +1181,7 @@ GtkTreeIter *iter; gint type; gchar *filename = NULL; - gint id; + guint64 id; type = __ca_selection_type (GTK_TREE_VIEW(gtk_builder_get_object (main_window_gtkb, "ca_treeview")), &iter); @@ -1212,7 +1212,7 @@ GtkTreeIter *iter; gint type = __ca_selection_type (GTK_TREE_VIEW(gtk_builder_get_object (main_window_gtkb, "ca_treeview")), &iter); gint response = 0; - gint id = 0; + guint64 id = 0; if (type == CA_FILE_ELEMENT_TYPE_CSR) return; @@ -1267,7 +1267,7 @@ GtkTreeIter *iter; gint type = __ca_selection_type (GTK_TREE_VIEW(gtk_builder_get_object (main_window_gtkb, "ca_treeview")), &iter); gint response = 0; - gint id = 0; + guint64 id = 0; if (type != CA_FILE_ELEMENT_TYPE_CSR) return;