From c784d5d700c7d6c03680eb21de19c8391e8ffac3 Mon Sep 17 00:00:00 2001
From: Matthias Clasen
Date: Fri, 26 Feb 2016 14:51:24 -0500
Subject: [PATCH] levelbar: Avoid a use-after-free

We were freeing the old offset before using its name to recreate a new one. Don't do that. Found by gcc's undefined behavior sanitizer.
---
 gtk/gtklevelbar.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/gtk/gtklevelbar.c b/gtk/gtklevelbar.c
index 46684cd6a8..99317dc390 100644
--- a/gtk/gtklevelbar.c
+++ b/gtk/gtklevelbar.c
@@ -241,6 +241,7 @@ gtk_level_bar_ensure_offset (GtkLevelBar *self,
 {
   GList *existing;
   GtkLevelBarOffset *offset = NULL;
+  GtkLevelBarOffset *new_offset;
 
   existing = g_list_find_custom (self->priv->offsets, name, offset_find_func);
   if (existing)
@@ -249,14 +250,15 @@ gtk_level_bar_ensure_offset (GtkLevelBar *self,
   if (offset && (offset->value == value))
     return FALSE;
 
+  new_offset = gtk_level_bar_offset_new (name, value);
+
   if (offset)
     {
       gtk_level_bar_offset_free (offset);
       self->priv->offsets = g_list_delete_link (self->priv->offsets, existing);
     }
 
-  offset = gtk_level_bar_offset_new (name, value);
-  self->priv->offsets = g_list_insert_sorted (self->priv->offsets, offset, offset_sort_func);
+  self->priv->offsets = g_list_insert_sorted (self->priv->offsets, new_offset, offset_sort_func);
 
   return TRUE;
 }
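Review bot: The ordering introduced in the second hunk — `new_offset = gtk_level_bar_offset_new (name, value);` placed before `gtk_level_bar_offset_free (offset);` — is the only thing keeping `name` from being read after the old entry is freed when, as the commit message describes, the caller passed the existing entry's own name string, and nothing in the code records that constraint, so a later tidy-up could move the allocation back below the free and silently reintroduce the use-after-free. A comment above the allocation would pin it: `/* name may point into the old entry; allocate the replacement before freeing it */`. The parameter list of gtk_level_bar_ensure_offset lies above the first hunk, so whether `name`'s aliasing is documented there cannot be seen from here. If `gtk_level_bar_offset_new` can return NULL, the unchecked `g_list_insert_sorted` would store a NULL element, but its failure behaviour is not visible in the hunk.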