AuroraMiddleware/gtk
1
0
Fork 1
mirror of https://gitlab.gnome.org/GNOME/gtk.git synced 2024-12-27 06:00:22 +00:00
Code Issues Projects Releases Wiki Activity

menutrackeritem: protect against use-after-free

Browse Source 
With recent updates to GLib, I now see cases where we can hit a state that
has finalized before notify (which will bump the ref count back up). This
is evident in GNOME Text Editor when showing a language submenu from a
popover, and then dismissing the popover and subsequently the tab.

With the previous commit, we at least get a warning like this, which helped
track down the issue.

 Gtk-CRITICAL **: gtk_action_observable_unregister_observer: assertion 'GTK_IS_ACTION_OBSERVABLE (observable)' failed
 GLib-GObject-CRITICAL **: g_object_ref: assertion '!object_already_finalized' failed

This patch fixes both of those criticals.

Fixes #5009
This commit is contained in:
Christian Hergert 2022-06-24 14:28:18 -07:00
parent f9c0fc4fdd
commit 4d883861b1
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
gtk/gtkmenutrackeritem.c
View File

@ -870,16 +870,25 @@ gtk_menu_tracker_opener_finalize (GObject *object)
{
GtkMenuTrackerOpener *opener = (GtkMenuTrackerOpener *)object;
gtk_action_observable_unregister_observer (opener->item->observable,
opener->submenu_action,
(GtkActionObserver *)opener);
if (opener->item != NULL)
{
GtkMenuTrackerItem *item = g_object_ref (opener->item);
if (GTK_IS_ACTION_MUXER (opener->item->observable))
gtk_action_muxer_change_action_state (GTK_ACTION_MUXER (opener->item->observable),
opener->submenu_action,
g_variant_new_boolean (FALSE));
g_clear_weak_pointer (&opener->item);
gtk_menu_tracker_item_set_submenu_shown (opener->item, FALSE);
gtk_action_observable_unregister_observer (item->observable,
opener->submenu_action,
(GtkActionObserver *)opener);
if (GTK_IS_ACTION_MUXER (item->observable))
gtk_action_muxer_change_action_state (GTK_ACTION_MUXER (item->observable),
opener->submenu_action,
g_variant_new_boolean (FALSE));
gtk_menu_tracker_item_set_submenu_shown (item, FALSE);
g_object_unref (item);
}
g_clear_pointer (&opener->submenu_action, g_free);
@ -992,7 +1001,8 @@ gtk_menu_tracker_opener_new (GtkMenuTrackerItem *item,
opener = g_object_new (gtk_menu_tracker_opener_get_type (), NULL);
opener->first_time = TRUE;
opener->item = item;
g_set_weak_pointer (&opener->item, item);
if (item->action_namespace)
opener->submenu_action = g_strjoin (".", item->action_namespace, submenu_action, NULL);