From d83587b2a364eb9a9a53be7e6a708074e252de14 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro
Date: Thu, 27 Jun 2019 16:58:03 -0500
Subject: [PATCH] Fix gvdb_table_write_contents_async()

It worked when I first wrote it, but I broke it during the late stages of code review. str is already freed here, so this is a use-after-free vulnerability for starters. It also causes the file saved to be always empty.
---
 gvdb-builder.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gvdb-builder.c b/gvdb-builder.c
index cf94691bc..e36e9abbc 100644
--- a/gvdb-builder.c
+++ b/gvdb-builder.c
@@ -608,7 +608,9 @@ gvdb_table_write_contents_async (GHashTable *table,
 g_task_set_task_data (task, data, (GDestroyNotify)write_contents_data_free);
 g_task_set_source_tag (task, gvdb_table_write_contents_async);
- g_file_replace_contents_async (file, str->str, str->len,
+ g_file_replace_contents_async (file,
+ g_bytes_get_data (bytes, NULL),
+ g_bytes_get_size (bytes),
 NULL, FALSE,
 G_FILE_CREATE_PRIVATE | G_FILE_CREATE_REPLACE_DESTINATION,
 cancellable, replace_contents_cb, g_steal_pointer (&task));
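Review bot: The new call still hands GIO a raw pointer from `g_bytes_get_data (bytes, NULL)`, and g_file_replace_contents_async() does not copy `contents`, so the buffer must stay valid until `replace_contents_cb` runs. Nothing in the hunk shows who holds the reference to `bytes`. Presumably it is owned by `data` and released through `write_contents_data_free` when the task is finalized, but the function body starts outside the hunk, so that needs confirming there. Since this is the same lifetime rule the freed `str` broke, I would either state the invariant above the call, e.g. `/* bytes is kept alive by the task data; contents must outlive the async write */`, or let GIO hold the reference itself by starting the call with `g_file_replace_contents_bytes_async (file, bytes,` and leaving the remaining arguments unchanged. A test that writes a table asynchronously and checks that the resulting file is non-empty would cover both symptoms named in the commit message.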