luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-02-23 10:42:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

gcontenttype: Fix a potential use-after-free of xdgmime data

Browse Source 
While `gio_xdgmime` is unlocked, the data which `type` points to in the
xdgmime cache might get invalidated, leaving `type` as a dangling
pointer. That would not bode well for the `g_strdup (type)` call to
insert a new entry into the `type_comment_cache` once `gio_xdgmime` is
re-acquired.

This was spotted using static analysis, and the symptoms have not
knowingly been seen in the wild.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1474702

(cherry-picked from commit 45d4c525)
This commit is contained in:
Philip Withnall 2022-06-28 10:51:42 +01:00 committed by Marco Trevisan (Treviño)
parent 28fe069024
commit 938ea5141f
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
gio/gcontenttype.c
View File

@ -483,6 +483,7 @@ gchar *
g_content_type_get_description (const gchar *type)
{
static GHashTable *type_comment_cache = NULL;
gchar *type_copy = NULL;
gchar *comment;
g_return_val_if_fail (type != NULL, NULL);
@ -497,16 +498,21 @@ g_content_type_get_description (const gchar *type)
comment = g_hash_table_lookup (type_comment_cache, type);
comment = g_strdup (comment);
G_UNLOCK (gio_xdgmime);
if (comment != NULL)
return comment;
{
G_UNLOCK (gio_xdgmime);
return comment;
}
comment = load_comment_for_mime (type);
type_copy = g_strdup (type);
G_UNLOCK (gio_xdgmime);
comment = load_comment_for_mime (type_copy);
G_LOCK (gio_xdgmime);
g_hash_table_insert (type_comment_cache,
g_strdup (type),
g_steal_pointer (&type_copy),
g_strdup (comment));
G_UNLOCK (gio_xdgmime);