[evolution] Use-after-free of a full name editor when closing a contact editor
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution] Use-after-free of a full name editor when closing a contact editor
- Date: Tue, 2 Sep 2014 08:20:35 +0000 (UTC)
commit 707ba2751903f08369d2c8fa7779140b49f6051b
Author: Milan Crha <mcrha redhat com>
Date: Tue Sep 2 10:16:36 2014 +0200
Use-after-free of a full name editor when closing a contact editor
The EContactEditor added a signal handler to "editor_closed" to
close also a full name editor, but it did not remove the signal
handler on full name editor's destroy, thus the callback was called
on an already freed widget, which could cause a crash.
This had been reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=1128745
addressbook/gui/contact-editor/e-contact-editor.c | 23 ++++++++++-----------
1 files changed, 11 insertions(+), 12 deletions(-)
---
diff --git a/addressbook/gui/contact-editor/e-contact-editor.c
b/addressbook/gui/contact-editor/e-contact-editor.c
index 323a82b..f8021d2 100644
--- a/addressbook/gui/contact-editor/e-contact-editor.c
+++ b/addressbook/gui/contact-editor/e-contact-editor.c
@@ -3197,6 +3197,14 @@ exit:
}
static void
+full_name_editor_closed_cb (GtkWidget *widget,
+ gpointer data)
+{
+ if (GTK_IS_WIDGET (widget))
+ gtk_widget_destroy (widget);
+}
+
+static void
full_name_response (GtkDialog *dialog,
gint response,
EContactEditor *editor)
@@ -3235,21 +3243,12 @@ full_name_response (GtkDialog *dialog,
file_as_set_style (editor, style);
}
+ g_signal_handlers_disconnect_by_func (editor, G_CALLBACK (full_name_editor_closed_cb), dialog);
+
gtk_widget_destroy (GTK_WIDGET (dialog));
editor->priv->fullname_dialog = NULL;
}
-static gint
-full_name_editor_delete_event_cb (GtkWidget *widget,
- GdkEvent *event,
- gpointer data)
-{
- if (GTK_IS_WIDGET (widget))
- gtk_widget_destroy (widget);
-
- return TRUE;
-}
-
static void
full_name_clicked (GtkWidget *button,
EContactEditor *editor)
@@ -3276,7 +3275,7 @@ full_name_clicked (GtkWidget *button,
/* Close the fullname dialog if the editor is closed */
g_signal_connect_swapped (
editor, "editor_closed",
- G_CALLBACK (full_name_editor_delete_event_cb), dialog);
+ G_CALLBACK (full_name_editor_closed_cb), dialog);
gtk_widget_show (GTK_WIDGET (dialog));
editor->priv->fullname_dialog = GTK_WIDGET (dialog);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]