luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-04-20 22:29:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

g_data_set_internal: avoid use-after-free if datalist is in dataset

Browse Source 
Removing the last thing in a dataset frees the dataset, and if the
datalist was in a dataset, we can't safely unlock it after the dataset
has been freed. Unlock it sooner.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=666113
Reviewed-by: Matthias Clasen <mclasen@redhat.com>
This commit is contained in:
Simon McVittie 2011-12-13 14:44:18 +00:00
parent 0bf8378840
commit c49a4dba82
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
glib/gdataset.c
View File

@ -387,6 +387,10 @@ g_data_set_internal (GData **datalist,
{ {
G_DATALIST_SET_POINTER (datalist, NULL); G_DATALIST_SET_POINTER (datalist, NULL);
g_free (d); g_free (d);
/* datalist may be situated in dataset, so must not be
* unlocked after we free it
*/
g_datalist_unlock (datalist);
/* the dataset destruction *must* be done /* the dataset destruction *must* be done
* prior to invocation of the data destroy function * prior to invocation of the data destroy function
@ -394,8 +398,10 @@ g_data_set_internal (GData **datalist,
if (dataset) if (dataset)
g_dataset_destroy_internal (dataset); g_dataset_destroy_internal (dataset);
} }
else
g_datalist_unlock (datalist); {
g_datalist_unlock (datalist);
}
/* We found and removed an old value /* We found and removed an old value
* the GData struct *must* already be unlinked * the GData struct *must* already be unlinked