From ca702b4596c5e894524800911c02f83a7405d9e3 Mon Sep 17 00:00:00 2001 
From: Philip Withnall Date: Wed, 1 Mar 2023 19:40:56 +0000 Subject: [PATCH] gtkatspicontext: Fix a leak of a floating GVariant If the early return path in `emit_property_changed()` is taken, and `value` is floating, it will be leaked. Fix that by sinking `value` on entry to the function. Spotted by asan: ``` Direct leak of 128 byte(s) in 2 object(s) allocated from: #0 0x7f44774ba6af in __interceptor_malloc (/lib64/libasan.so.8+0xba6af) #1 0x7f44764c941a in g_malloc ../../source/glib/glib/gmem.c:130 #2 0x7f44764f6d8a in g_slice_alloc ../../source/glib/glib/gslice.c:252 #3 0x7f447654655d in g_variant_alloc ../../source/glib/glib/gvariant-core.c:565 #4 0x7f447654664c in g_variant_new_from_bytes ../../source/glib/glib/gvariant-core.c:608 #5 0x7f4476536ed5 in g_variant_new_take_string ../../source/glib/glib/gvariant.c:1307 #6 0x7f4475c75ada in gtk_at_spi_context_state_change ../../source/gtk4/gtk/a11y/gtkatspicontext.c:1112 #7 0x7f44758ee194 in gtk_at_context_update ../../source/gtk4/gtk/gtkatcontext.c:694 #8 0x7f44758dbfcf in gtk_accessible_update_property ../../source/gtk4/gtk/gtkaccessible.c:326 #9 0x7f4475b5abe3 in gtk_widget_set_tooltip_text ../../source/gtk4/gtk/gtkwidget.c:9740 #10 0x58439d in gs_updates_page_update_ui_state ../../source/gnome-software/src/gs-updates-page.c:302 #11 0x5857dc in gs_updates_page_set_state ../../source/gnome-software/src/gs-updates-page.c:403 #12 0x5879f1 in gs_updates_page_load ../../source/gnome-software/src/gs-updates-page.c:636 #13 0x58822d in gs_updates_page_reload ../../source/gnome-software/src/gs-updates-page.c:678 #14 0x50ff48 in gs_page_reload ../../source/gnome-software/src/gs-page.c:731 #15 0x5491ce in gs_shell_reload_cb ../../source/gnome-software/src/gs-shell.c:830 #16 0x7f4477363f54 in g_cclosure_marshal_VOID__VOID ../../source/glib/gobject/gmarshal.c:117 #17 0x7f447735e0ad in g_closure_invoke ../../source/glib/gobject/gclosure.c:832 #18 0x7f4477391f3f in signal_emit_unlocked_R ../../source/glib/gobject/gsignal.c:3802 
#19 0x7f4477390c13 in g_signal_emit_valist ../../source/glib/gobject/gsignal.c:3555 #20 0x7f4477391324 in g_signal_emit ../../source/glib/gobject/gsignal.c:3612 #21 0x7f447705b3c3 in gs_plugin_loader_reload_delay_cb ../../source/gnome-software/lib/gs-plugin-loader.c:1538 #22 0x7f44764bd140 in g_timeout_dispatch ../../source/glib/glib/gmain.c:5054 #23 0x7f44764b9eb1 in g_main_dispatch ../../source/glib/glib/gmain.c:3460 #24 0x7f44764bb72c in g_main_context_dispatch ../../source/glib/glib/gmain.c:4200 #25 0x7f44764bba15 in g_main_context_iterate ../../source/glib/glib/gmain.c:4276 #26 0x7f44764bbbfa in g_main_context_iteration ../../source/glib/glib/gmain.c:4343 #27 0x7f44769ef655 in g_application_run ../../source/glib/gio/gapplication.c:2589 #28 0x4f2da5 in main ../../source/gnome-software/src/gs-main.c:49 #29 0x7f4474e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) ``` Signed-off-by: Philip Withnall --- gtk/a11y/gtkatspicontext.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/gtk/a11y/gtkatspicontext.c b/gtk/a11y/gtkatspicontext.c index 18e5bcfce1..fe566293dd 100644 --- a/gtk/a11y/gtkatspicontext.c +++ b/gtk/a11y/gtkatspicontext.c @@ -769,8 +769,13 @@ emit_property_changed (GtkAtSpiContext *self, const char *name, GVariant *value) { + GVariant *value_owned = g_variant_ref_sink (value); + if (self->connection == NULL) - return; + { + g_variant_unref (value_owned); + return; + } g_dbus_connection_emit_signal (self->connection, NULL, @@ -778,8 +783,9 @@ emit_property_changed (GtkAtSpiContext *self, "org.a11y.atspi.Event.Object", "PropertyChange", g_variant_new ("(siiva{sv})", - name, 0, 0, value, NULL), + name, 0, 0, value_owned, NULL), NULL); + g_variant_unref (value_owned); } static void
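Review bot: The ownership contract that `g_variant_ref_sink (value)` introduces at the top of `emit_property_changed()` is not written down, so a future caller has to read the body to learn whether it may pass a floating variant or must keep its own reference. A short comment above the function would settle it, for example `/* @value: a floating reference is consumed here; a caller-owned reference stays with the caller */`. Separately, a NULL `value` would now hit the precondition checks in `g_variant_ref_sink()` and `g_variant_unref()` even on the `self->connection == NULL` path, which previously returned without touching it; whether any caller can pass NULL is not visible in this patch, so that is worth confirming. The function's signature begins above the first hunk, and the trailing `g_variant_unref (value_owned)` in the second hunk falls under the same contract.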