[buoh/vala: 19/19] Fix write after free in loader
- From: Jan Tojnar <jtojnar src gnome org>
- To: commits-list gnome org
- Cc: 
- Subject: [buoh/vala: 19/19] Fix write after free in loader
- Date: Fri,  1 Jan 2021 01:54:48 +0000 (UTC)
commit 2f0b6488094dddc4e728baad51da8546cb5f3834
Author: Jan Tojnar <jtojnar gmail com>
Date:   Fri Jan 1 02:51:42 2021 +0100
    Fix write after free in loader
    
    BuohComicLoader holds a reference to BuohComicLoaderJob but when the job is
    cancelled or fails, the job object passed to the comic_loader thread gets unref’d,
    making the reference in BuohComicLoader invalid.
    
    When next job comic being loaded attempted to mark the previous job cancelled
    (in case it is still running), it would write into an already freed memory,
    frequently causing a crash.
    
    Let’s increase the reference count when passing the job to the thread to avoid that.
 src/buoh-comic-loader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
---
diff --git a/src/buoh-comic-loader.c b/src/buoh-comic-loader.c
index d37e2eb..1cebdb1 100644
--- a/src/buoh-comic-loader.c
+++ b/src/buoh-comic-loader.c
@@ -316,7 +316,7 @@ buoh_comic_loader_load_comic (BuohComicLoader *loader,
 
         g_thread_new ("comic_loader",
                       (GThreadFunc) buoh_comic_loader_job_run,
-                      priv->job);
+                      g_object_ref (priv->job));
 }
 
 void
[
Date Prev][
Date Next]   [
Thread Prev][
Thread Next]   
[
Thread Index]
[
Date Index]
[
Author Index]