AuroraMiddleware/gtk2
1
0
Fork 0
forked from AuroraMiddleware/gtk
Code Issues Pull Requests Projects Releases Wiki Activity

levelbar: Avoid a use-after-free

Browse Source 
We were freeing the old offset before using its name to
recreate a new one. Don't do that.
Found by gcc's undefined behavior sanitizer.
This commit is contained in:
Matthias Clasen 2016-02-26 14:51:24 -05:00
parent 5ca860dcaf
commit c784d5d700
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gtk/gtklevelbar.c
View File

@ -241,6 +241,7 @@ gtk_level_bar_ensure_offset (GtkLevelBar *self,
{ {
GList *existing; GList *existing;
GtkLevelBarOffset *offset = NULL; GtkLevelBarOffset *offset = NULL;
GtkLevelBarOffset *new_offset;
existing = g_list_find_custom (self->priv->offsets, name, offset_find_func); existing = g_list_find_custom (self->priv->offsets, name, offset_find_func);
if (existing) if (existing)
@ -249,14 +250,15 @@ gtk_level_bar_ensure_offset (GtkLevelBar *self,
if (offset && (offset->value == value)) if (offset && (offset->value == value))
return FALSE; return FALSE;
new_offset = gtk_level_bar_offset_new (name, value);
if (offset) if (offset)
{ {
gtk_level_bar_offset_free (offset); gtk_level_bar_offset_free (offset);
self->priv->offsets = g_list_delete_link (self->priv->offsets, existing); self->priv->offsets = g_list_delete_link (self->priv->offsets, existing);
} }
offset = gtk_level_bar_offset_new (name, value); self->priv->offsets = g_list_insert_sorted (self->priv->offsets, new_offset, offset_sort_func);
self->priv->offsets = g_list_insert_sorted (self->priv->offsets, offset, offset_sort_func);
return TRUE; return TRUE;
} }