luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-09-30 19:06:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Avoid a use-after-free

Browse Source 
Instead of pulling parent_window out of a copy of the environment
and having it go bad when we free the copy, move the definition
of GAppLaunchContextPrivate up and use the envp member without
copying in.

Pointed out by Cosimo Cecchi.
This commit is contained in:
Matthias Clasen
2016-07-06 19:10:33 -04:00
parent 34c104924f
commit 01404fbe83
1 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
gio/gappinfo.c
View File

@@ -90,6 +90,10 @@
* different ideas of what a given URI means.
*/
struct _GAppLaunchContextPrivate {
char **envp;
};
typedef GAppInfoIface GAppInfoInterface;
G_DEFINE_INTERFACE (GAppInfo, g_app_info, G_TYPE_OBJECT)
@@ -683,13 +687,8 @@ launch_default_with_portal (const char *uri,
if (session_bus == NULL)
return FALSE;
if (context)
{
char **env;
env = g_app_launch_context_get_environment (context);
parent_window = g_environ_getenv (env, "PARENT_WINDOW_ID");
g_strfreev (env);
}
if (context && context->priv->envp)
parent_window = g_environ_getenv (context->priv->envp, "PARENT_WINDOW_ID");
g_variant_builder_init (&opt_builder, G_VARIANT_TYPE_VARDICT);
@@ -841,10 +840,6 @@ enum {
LAST_SIGNAL
};
struct _GAppLaunchContextPrivate {
char **envp;
};
static guint signals[LAST_SIGNAL] = { 0 };
G_DEFINE_TYPE_WITH_PRIVATE (GAppLaunchContext, g_app_launch_context, G_TYPE_OBJECT)