From bc17dfa83de412c162edc7f0db2e6144d1a74ed3 Mon Sep 17 00:00:00 2001
From: Benjamin Otte
Date: Mon, 6 May 2024 20:23:47 +0200
Subject: [PATCH] dmabuf: Ref previous context

In case the context's only reference was held by being the current context, setting the new context would free it. Resetting it later would then be a use-after-free.
Fixes #6694
---
 gdk/gdkdmabufegl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/gdk/gdkdmabufegl.c b/gdk/gdkdmabufegl.c
index d283f9e992..96fe6b951e 100644
--- a/gdk/gdkdmabufegl.c
+++ b/gdk/gdkdmabufegl.c
@@ -163,6 +163,8 @@ gdk_dmabuf_get_egl_downloader (GdkDisplay *display,
 return NULL;
 previous = gdk_gl_context_get_current ();
+ if (previous)
+ g_object_ref (previous);
 formats = gdk_dmabuf_formats_builder_new ();
 external = gdk_dmabuf_formats_builder_new ();
@@ -194,7 +196,10 @@ gdk_dmabuf_get_egl_downloader (GdkDisplay *display,
 }
 if (previous)
- gdk_gl_context_make_current (previous);
+ {
+ gdk_gl_context_make_current (previous);
+ g_object_unref (previous);
+ }
 return GDK_DMABUF_DOWNLOADER (renderer);
 }
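Review bot: The reference taken on `previous` in the first hunk is dropped only on the final success path in the second hunk, so any exit between the two would leak it and leave the earlier context unrestored. The lines between the hunks are not shown, but the closing brace just before `if (previous)` looks like the end of an error block; if that block returns, it needs the same `gdk_gl_context_make_current (previous);` and `g_object_unref (previous);` pair, or all exits should go through one cleanup label. A short comment at the ref would also help, e.g. `/* being current may be the only reference to previous; keep it alive until we restore it */`, since nothing else in the code explains why the ref is needed. The function begins before the first hunk, so the early-exit paths should be checked against the full file.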