evolution-data-server/evolution-data-server-fix-use-after-free.patch

101 lines
2.9 KiB
Diff
Raw Normal View History

From fe77982c952af27348f9c6d6d5a1952b8eeb3236 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Fri, 12 Dec 2014 11:30:08 +0100
Subject: Bug 695754 - Use-after-free in
source_registry_source_notify_enabled_idle_cb()
diff --git a/libedataserver/e-source-registry.c b/libedataserver/e-source-registry.c
index 22b46a7..3b6f806 100644
--- a/libedataserver/e-source-registry.c
+++ b/libedataserver/e-source-registry.c
@@ -445,24 +445,6 @@ source_registry_service_restart_table_steal_all (ESourceRegistry *registry)
return list;
}
-static void
-source_registry_sources_insert (ESourceRegistry *registry,
- ESource *source)
-{
- const gchar *uid;
-
- uid = e_source_get_uid (source);
- g_return_if_fail (uid != NULL);
-
- g_mutex_lock (&registry->priv->sources_lock);
-
- g_hash_table_insert (
- registry->priv->sources,
- g_strdup (uid), g_object_ref (source));
-
- g_mutex_unlock (&registry->priv->sources_lock);
-}
-
static gboolean
source_registry_sources_remove (ESourceRegistry *registry,
ESource *source)
@@ -746,9 +728,11 @@ source_registry_add_source (ESourceRegistry *registry,
G_CALLBACK (source_registry_source_notify_enabled_cb),
registry);
- g_mutex_unlock (&registry->priv->sources_lock);
+ g_hash_table_insert (
+ registry->priv->sources,
+ g_strdup (uid), g_object_ref (source));
- source_registry_sources_insert (registry, source);
+ g_mutex_unlock (&registry->priv->sources_lock);
}
static gboolean
@@ -1263,11 +1247,6 @@ source_registry_dispose (GObject *object)
priv->thread_closure = NULL;
}
- if (priv->main_context != NULL) {
- g_main_context_unref (priv->main_context);
- priv->main_context = NULL;
- }
-
if (priv->dbus_object_manager != NULL) {
g_object_unref (priv->dbus_object_manager);
priv->dbus_object_manager = NULL;
@@ -1282,6 +1261,14 @@ source_registry_dispose (GObject *object)
g_hash_table_remove_all (priv->sources);
+ if (priv->main_context != NULL) {
+ while (g_main_context_pending (priv->main_context)) {
+ g_main_context_iteration (priv->main_context, FALSE);
+ }
+ g_main_context_unref (priv->main_context);
+ priv->main_context = NULL;
+ }
+
if (priv->settings != NULL) {
g_signal_handlers_disconnect_by_data (priv->settings, object);
g_object_unref (priv->settings);
--
cgit v0.10.1
From 234791233b71ae24d020ec5379069f5dd8c1f15d Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Fri, 12 Dec 2014 14:11:04 +0100
Subject: Bug 741434 - Use-after-free after error in GPG signature verification
diff --git a/camel/camel-gpg-context.c b/camel/camel-gpg-context.c
index 8c3104b..ea2cb84 100644
--- a/camel/camel-gpg-context.c
+++ b/camel/camel-gpg-context.c
@@ -1889,6 +1889,7 @@ gpg_verify_sync (CamelCipherContext *context,
g_object_unref (filter);
g_object_unref (istream);
+ istream = NULL;
g_seekable_seek (G_SEEKABLE (canon_stream), 0, G_SEEK_SET, NULL, NULL);
--
cgit v0.10.1