diff options
author | Mike Gorse <mgorse@suse.com> | 2014-08-16 10:53:49 -0500 |
---|---|---|
committer | Mike Gorse <mgorse@suse.com> | 2014-08-16 10:53:49 -0500 |
commit | bb89b1efae6273fe89c6269fe4099bd2da8e4704 (patch) | |
tree | a6b5449564d4baf791d53ffbc01ed6a789b90253 | |
parent | a41de8ae26c129cc33fbeb65a67b2c4afeb881d5 (diff) | |
download | at-spi2-core-bb89b1efae6273fe89c6269fe4099bd2da8e4704.tar.gz |
Copy interfaces when creating a match rule
We shouldn't assume that we own the list of interfaces passed in.
The caller may free the list, and then we have a pointer to invalid
data in the AtspiMatchRule structure, causing crashes.
https://bugzilla.gnome.org/show_bug.cgi?id=734805
-rw-r--r-- | atspi/atspi-matchrule.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/atspi/atspi-matchrule.c b/atspi/atspi-matchrule.c index 8abeb130..e9954594 100644 --- a/atspi/atspi-matchrule.c +++ b/atspi/atspi-matchrule.c @@ -55,10 +55,14 @@ static void atspi_match_rule_finalize (GObject *object) { AtspiMatchRule *rule = ATSPI_MATCH_RULE (object); + gint i; - /* TODO: Check that interfaces don't leak */ if (rule->interfaces) + { + for (i = 0; i < rule->interfaces->len; i++) + g_free (g_array_index (rule->interfaces, gchar *, i)); g_array_free (rule->interfaces, TRUE); + } if (rule->attributes) g_hash_table_unref (rule->attributes); @@ -142,7 +146,14 @@ atspi_match_rule_new (AtspiStateSet *states, rule->attributematchtype = attributematchtype; if (interfaces) - rule->interfaces = g_array_ref (interfaces); + { + rule->interfaces = g_array_new (TRUE, TRUE, sizeof (gchar *)); + for (i = 0; i < interfaces->len; i++) + { + gchar *val = g_strdup (g_array_index (interfaces, gchar *, i)); + rule->interfaces = g_array_append_val (rule->interfaces, val); + } + } rule->interfacematchtype = interfacematchtype; if (roles) |