AuroraMiddleware/gtk
1
0
Fork 1
mirror of https://gitlab.gnome.org/GNOME/gtk.git synced 2025-01-13 05:50:10 +00:00
Code Issues Projects Releases Wiki Activity

Avoid a heap-use-after-free

Browse Source 
_gtk_gesture_cancel_sequence frees the struct pointed to by data,
so don't write to it afterwards. Found by asan.
This commit is contained in:
Matthias Clasen 2021-01-22 11:37:20 -05:00
parent 341efe9a40
commit 39d5dd89c5
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
gtk/gtkgesture.c
View File

@ -991,6 +991,7 @@ gtk_gesture_set_sequence_state (GtkGesture *gesture,
{
GtkGesturePrivate *priv;
PointData *data;
GtkEventSequenceState current_state;
g_return_val_if_fail (GTK_IS_GESTURE (gesture), FALSE);
g_return_val_if_fail (state >= GTK_EVENT_SEQUENCE_NONE &&
@ -1014,11 +1015,13 @@ gtk_gesture_set_sequence_state (GtkGesture *gesture,
data->state != GTK_EVENT_SEQUENCE_NONE)
return FALSE;
current_state = data->state;
data->state = state;
if (state == GTK_EVENT_SEQUENCE_DENIED &&
data->state == GTK_EVENT_SEQUENCE_CLAIMED)
current_state == GTK_EVENT_SEQUENCE_CLAIMED)
_gtk_gesture_cancel_sequence (gesture, sequence);
data->state = state;
gtk_widget_cancel_event_sequence (gtk_event_controller_get_widget (GTK_EVENT_CONTROLLER (gesture)),
gesture, sequence, state);
g_signal_emit (gesture, signals[SEQUENCE_STATE_CHANGED], 0,