Copy interfaces when creating a match rule

We shouldn't assume that we own the list of interfaces passed in.
The caller may free the list, and then we have a pointer to invalid
data in the AtspiMatchRule structure, causing crashes.

https://bugzilla.gnome.org/show_bug.cgi?id=734805

1 files changed, 13 insertions, 2 deletions

diff --git a/atspi/atspi-matchrule.c b/atspi/atspi-matchrule.c
index 8abeb130..e9954594 100644
--- a/atspi/atspi-matchrule.c
+++ b/atspi/atspi-matchrule.c
@@ -55,10 +55,14 @@ static void
 atspi_match_rule_finalize (GObject *object)
 {
   AtspiMatchRule *rule = ATSPI_MATCH_RULE (object);
+  gint i;
 
-  /* TODO: Check that interfaces don't leak */
   if (rule->interfaces)
+  {
+    for (i = 0; i < rule->interfaces->len; i++)
+      g_free (g_array_index (rule->interfaces, gchar *, i));
     g_array_free (rule->interfaces, TRUE);
+  }
 
   if (rule->attributes)
     g_hash_table_unref (rule->attributes);
@@ -142,7 +146,14 @@ atspi_match_rule_new (AtspiStateSet *states,
   rule->attributematchtype = attributematchtype;
 
   if (interfaces)
-    rule->interfaces = g_array_ref (interfaces);
+  {
+    rule->interfaces = g_array_new (TRUE, TRUE, sizeof (gchar *));
+    for (i = 0; i < interfaces->len; i++)
+    {
+      gchar *val = g_strdup (g_array_index (interfaces, gchar *, i));
+      rule->interfaces = g_array_append_val (rule->interfaces, val);
+    }
+  }
   rule->interfacematchtype = interfacematchtype;
 
   if (roles)