Attention Windows users: Possible app crashes and antivirus false positives when using Cartero 0.1.2 on Windows #87
Pinned
danirod
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
What's going on you
There is a bug in GLib, versions 2.82.1 and older, that can cause gdbus.exe to silently crash on Windows under some circunstances. This bug is fixed on version 2.82.2. I've uploaded an updated version of the installer and portable releases for Cartero v0.1.2 for Windows that has this dependency patched and updated to 2.82.2.
The crash is related to this bug report submitted to the GLib repository. I don't understand exactly what's going on, but it looks someone is trying to free some memory that is not supposed to be freed.
This crash may appear when clicking a link, such as the ones you see in the About dialog for Cartero, or if you manage to follow a link coming from the Response panel of an HTTP request (although I believe that Cartero does not autolink.)
Note that the crash is silent, and you may not see anything on your screen if gdbus.exe crashes, but it may still log crash reports on the Windows Reliability Monitor. Additionally, this crash may cause a false positive from some antivirus such as Norton, because apparently Microsoft Windows writing a crash report into a protected Microsoft Windows directory is suspicious? I don't know, Norton always has to Norton.
To be clear, this is a false positive. It traces to cartero.exe because this is the process that spawns everything, but after looking at the upstream bug reports, this is not a security issue, just a regular crash coming from a library written in a programming language prone to unsafe memory accesses.
What you should do
If you are using Cartero 0.1.2 on Windows, it's recommended that you download the installer or the .zip file again from the GitHub releases to patch the dependency. It's not critical, and unless you use the About dialog, it will probably not bother you, but if you are the kind of person that gets scared from alerts, you should probably do it.
To avoid breaking links, and to differentiate the updated version and the outdated version, I've uploaded the new installers as version 0.1.2b. You can find them in the releases section. But please, note that the new version number is just for the file name. Once extracted or installed, Cartero will still report itself as version 0.1.2, because the application is not recompiled.
These are the SHA256 versions of the updated downloads:
And these are the SHA256 versions of the outdated downloads:
You can also check if your version of Cartero should be updated by opening the application directory where you installed or extracted Cartero and locating the file
bin/libglib-2.0-0.dll:Open the Properties panel for libglib-2.0-0.dll and check the Details. If you see that the product version is reported as 2.82.1, you have an outdated glib2 version. If it reports as 2.82.2, then you have the latest version available.
If you have enough knowledge about computers, I suppose that you could also download manually mingw-w64-ucrt-x86_64-glib2, for instance, by following this link (SHA256, c82815b7f09a8de96c0cb4da53e58b01a470f4e68ef8fc2a94924cc104001a52), and then manually extracting the contents of the /ucrt64/bin directory into your $CARTERO/bin directory, overwriting every .dll and .exe file. But it will probably be faster to just re-download Cartero.
You can also recompile Cartero from sources if you don't trust the precompiled versions. The compilation procedure is always linked from the README files.
This report is as verbose as I can make it in order to be as transparent as I can. Feel free to ask anything if you have more questions. Thank you for your confidence in Cartero and for helping me prove that its existence in this world is actually useful, and sorry for any possible fright this may have caused.
Beta Was this translation helpful? Give feedback.
All reactions