From fe77982c952af27348f9c6d6d5a1952b8eeb3236 Mon Sep 17 00:00:00 2001 From: Milan Crha Date: Fri, 12 Dec 2014 11:30:08 +0100 Subject: Bug 695754 - Use-after-free in source_registry_source_notify_enabled_idle_cb() diff --git a/libedataserver/e-source-registry.c b/libedataserver/e-source-registry.c index 22b46a7..3b6f806 100644 --- a/libedataserver/e-source-registry.c +++ b/libedataserver/e-source-registry.c @@ -445,24 +445,6 @@ source_registry_service_restart_table_steal_all (ESourceRegistry *registry) return list; } -static void -source_registry_sources_insert (ESourceRegistry *registry, - ESource *source) -{ - const gchar *uid; - - uid = e_source_get_uid (source); - g_return_if_fail (uid != NULL); - - g_mutex_lock (®istry->priv->sources_lock); - - g_hash_table_insert ( - registry->priv->sources, - g_strdup (uid), g_object_ref (source)); - - g_mutex_unlock (®istry->priv->sources_lock); -} - static gboolean source_registry_sources_remove (ESourceRegistry *registry, ESource *source) @@ -746,9 +728,11 @@ source_registry_add_source (ESourceRegistry *registry, G_CALLBACK (source_registry_source_notify_enabled_cb), registry); - g_mutex_unlock (®istry->priv->sources_lock); + g_hash_table_insert ( + registry->priv->sources, + g_strdup (uid), g_object_ref (source)); - source_registry_sources_insert (registry, source); + g_mutex_unlock (®istry->priv->sources_lock); } static gboolean @@ -1263,11 +1247,6 @@ source_registry_dispose (GObject *object) priv->thread_closure = NULL; } - if (priv->main_context != NULL) { - g_main_context_unref (priv->main_context); - priv->main_context = NULL; - } - if (priv->dbus_object_manager != NULL) { g_object_unref (priv->dbus_object_manager); priv->dbus_object_manager = NULL; @@ -1282,6 +1261,14 @@ source_registry_dispose (GObject *object) g_hash_table_remove_all (priv->sources); + if (priv->main_context != NULL) { + while (g_main_context_pending (priv->main_context)) { + g_main_context_iteration (priv->main_context, FALSE); + } + g_main_context_unref (priv->main_context); + priv->main_context = NULL; + } + if (priv->settings != NULL) { g_signal_handlers_disconnect_by_data (priv->settings, object); g_object_unref (priv->settings); -- cgit v0.10.1 From 234791233b71ae24d020ec5379069f5dd8c1f15d Mon Sep 17 00:00:00 2001 From: Milan Crha Date: Fri, 12 Dec 2014 14:11:04 +0100 Subject: Bug 741434 - Use-after-free after error in GPG signature verification diff --git a/camel/camel-gpg-context.c b/camel/camel-gpg-context.c index 8c3104b..ea2cb84 100644 --- a/camel/camel-gpg-context.c +++ b/camel/camel-gpg-context.c @@ -1889,6 +1889,7 @@ gpg_verify_sync (CamelCipherContext *context, g_object_unref (filter); g_object_unref (istream); + istream = NULL; g_seekable_seek (G_SEEKABLE (canon_stream), 0, G_SEEK_SET, NULL, NULL); -- cgit v0.10.1