luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-12-26 23:46:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

gsignal: Don't crash when operating on signals on the wrong object

Browse Source
This commit is contained in:
Iain Lane 2015-07-15 17:01:03 +01:00
parent 261250c46e
commit 16721468e5
1 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
gobject/gsignal.c
View File

@ -153,6 +153,7 @@ static inline HandlerList* handler_list_ensure (guint signal_id,
static inline HandlerList* handler_list_lookup (guint signal_id, static inline HandlerList* handler_list_lookup (guint signal_id,
gpointer instance); gpointer instance);
static inline Handler* handler_new (guint signal_id, static inline Handler* handler_new (guint signal_id,
gpointer instance,
gboolean after); gboolean after);
static void handler_insert (guint signal_id, static void handler_insert (guint signal_id,
gpointer instance, gpointer instance,
@ -281,6 +282,7 @@ struct _Handler
guint after : 1; guint after : 1;
guint has_invalid_closure_notify : 1; guint has_invalid_closure_notify : 1;
GClosure *closure; GClosure *closure;
gpointer instance;
}; };
struct _HandlerMatch struct _HandlerMatch
{ {
@ -450,7 +452,10 @@ handler_hash (gconstpointer key)
static gboolean static gboolean
handler_equal (gconstpointer a, gconstpointer b) handler_equal (gconstpointer a, gconstpointer b)
{ {
return ((Handler*)a)->sequential_number == ((Handler*)b)->sequential_number; Handler *ha = (Handler *)a;
Handler *hb = (Handler *)b;
return (ha->sequential_number == hb->sequential_number) &&
(ha->instance == hb->instance);
} }
static Handler* static Handler*
@ -465,7 +470,9 @@ handler_lookup (gpointer instance,
{ {
Handler key; Handler key;
key.sequential_number = handler_id; key.sequential_number = handler_id;
return (Handler *)g_hash_table_lookup (g_handlers, &key); key.instance = instance;
return g_hash_table_lookup (g_handlers, &key);
} }
hlbsa = g_hash_table_lookup (g_handler_list_bsa_ht, instance); hlbsa = g_hash_table_lookup (g_handler_list_bsa_ht, instance);
@ -605,7 +612,7 @@ handlers_find (gpointer instance,
} }
static inline Handler* static inline Handler*
handler_new (guint signal_id, gboolean after) handler_new (guint signal_id, gpointer instance, gboolean after)
{ {
Handler *handler = g_slice_new (Handler); Handler *handler = g_slice_new (Handler);
#ifndef G_DISABLE_CHECKS #ifndef G_DISABLE_CHECKS
@ -618,6 +625,7 @@ handler_new (guint signal_id, gboolean after)
handler->next = NULL; handler->next = NULL;
handler->detail = 0; handler->detail = 0;
handler->signal_id = signal_id; handler->signal_id = signal_id;
handler->instance = instance;
handler->ref_count = 1; handler->ref_count = 1;
handler->block_count = 0; handler->block_count = 0;
handler->after = after != FALSE; handler->after = after != FALSE;
@ -657,6 +665,7 @@ handler_unref_R (guint signal_id,
else else
{ {
hlist = handler_list_lookup (signal_id, instance); hlist = handler_list_lookup (signal_id, instance);
g_assert (hlist != NULL);
hlist->handlers = handler->next; hlist->handlers = handler->next;
} }
@ -2321,7 +2330,7 @@ g_signal_connect_closure_by_id (gpointer instance,
g_warning ("%s: signal id '%u' is invalid for instance '%p'", G_STRLOC, signal_id, instance); g_warning ("%s: signal id '%u' is invalid for instance '%p'", G_STRLOC, signal_id, instance);
else else
{ {
Handler *handler = handler_new (signal_id, after); Handler *handler = handler_new (signal_id, instance, after);
handler_seq_no = handler->sequential_number; handler_seq_no = handler->sequential_number;
handler->detail = detail; handler->detail = detail;
@ -2385,7 +2394,7 @@ g_signal_connect_closure (gpointer instance,
G_STRLOC, detailed_signal, instance, g_type_name (itype)); G_STRLOC, detailed_signal, instance, g_type_name (itype));
else else
{ {
Handler *handler = handler_new (signal_id, after); Handler *handler = handler_new (signal_id, instance, after);
handler_seq_no = handler->sequential_number; handler_seq_no = handler->sequential_number;
handler->detail = detail; handler->detail = detail;
@ -2486,7 +2495,7 @@ g_signal_connect_data (gpointer instance,
G_STRLOC, detailed_signal, instance, g_type_name (itype)); G_STRLOC, detailed_signal, instance, g_type_name (itype));
else else
{ {
Handler *handler = handler_new (signal_id, after); Handler *handler = handler_new (signal_id, instance, after);
handler_seq_no = handler->sequential_number; handler_seq_no = handler->sequential_number;
handler->detail = detail; handler->detail = detail;