mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-01-25 21:46:14 +01:00
gcontenttype: Fix a potential use-after-free of xdgmime data
While `gio_xdgmime` is unlocked, the data which `type` points to in the xdgmime cache might get invalidated, leaving `type` as a dangling pointer. That would not bode well for the `g_strdup (type)` call to insert a new entry into the `type_comment_cache` once `gio_xdgmime` is re-acquired. This was spotted using static analysis, and the symptoms have not knowingly been seen in the wild. Signed-off-by: Philip Withnall <pwithnall@endlessos.org> Coverity CID: #1474702
This commit is contained in:
parent
6d381c9668
commit
45d4c52501
@ -486,6 +486,7 @@ gchar *
|
||||
g_content_type_get_description (const gchar *type)
|
||||
{
|
||||
static GHashTable *type_comment_cache = NULL;
|
||||
gchar *type_copy = NULL;
|
||||
gchar *comment;
|
||||
|
||||
g_return_val_if_fail (type != NULL, NULL);
|
||||
@ -500,16 +501,21 @@ g_content_type_get_description (const gchar *type)
|
||||
|
||||
comment = g_hash_table_lookup (type_comment_cache, type);
|
||||
comment = g_strdup (comment);
|
||||
G_UNLOCK (gio_xdgmime);
|
||||
|
||||
if (comment != NULL)
|
||||
{
|
||||
G_UNLOCK (gio_xdgmime);
|
||||
return comment;
|
||||
}
|
||||
|
||||
comment = load_comment_for_mime (type);
|
||||
type_copy = g_strdup (type);
|
||||
|
||||
G_UNLOCK (gio_xdgmime);
|
||||
comment = load_comment_for_mime (type_copy);
|
||||
G_LOCK (gio_xdgmime);
|
||||
|
||||
g_hash_table_insert (type_comment_cache,
|
||||
g_strdup (type),
|
||||
g_steal_pointer (&type_copy),
|
||||
g_strdup (comment));
|
||||
G_UNLOCK (gio_xdgmime);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user