diff options
author | Mike Gorse <mgorse@suse.com> | 2023-05-10 13:48:43 -0500 |
---|---|---|
committer | Mike Gorse <mgorse@suse.com> | 2023-05-10 13:48:43 -0500 |
commit | 0617b2d3168e2d01e2d1672d34ca32471d51efd3 (patch) | |
tree | a94e3612ebcbadf67e51dfe04616caf3ce2a6851 | |
parent | de22b951e23f37c7073d0c86ed9eb034daf3db74 (diff) | |
download | at-spi2-core-0617b2d3168e2d01e2d1672d34ca32471d51efd3.tar.gz |
Guard against recursion in atspi_accessible_clear_cache
Add a stamp to AtspiAccessiblePrivate for use when iterating through a
tree, and don't touch accessibles that have already been touched. This should
further protect against buggy or malicious applications causing infinite
recursion.
Fixes #113
-rw-r--r-- | atspi/atspi-accessible-private.h | 1 | ||||
-rw-r--r-- | atspi/atspi-accessible.c | 25 |
2 files changed, 18 insertions, 8 deletions
diff --git a/atspi/atspi-accessible-private.h b/atspi/atspi-accessible-private.h index e92260ee..fdb572f0 100644 --- a/atspi/atspi-accessible-private.h +++ b/atspi/atspi-accessible-private.h @@ -37,6 +37,7 @@ struct _AtspiAccessiblePrivate { GHashTable *cache; guint cache_ref_count; + guint iteration_stamp; }; GHashTable * diff --git a/atspi/atspi-accessible.c b/atspi/atspi-accessible.c index 1ce6b707..0a78b6bc 100644 --- a/atspi/atspi-accessible.c +++ b/atspi/atspi-accessible.c @@ -1739,6 +1739,21 @@ atspi_accessible_set_cache_mask (AtspiAccessible *accessible, AtspiCache mask) enable_caching = TRUE; } +static void +atspi_accessible_clear_cache_internal (AtspiAccessible *obj, guint iteration_stamp) +{ + gint i; + + if (obj && obj->priv->iteration_stamp != iteration_stamp) + { + obj->priv->iteration_stamp = iteration_stamp; + obj->cached_properties = ATSPI_CACHE_NONE; + if (obj->children) + for (i = 0; i < obj->children->len; i++) + atspi_accessible_clear_cache_internal (g_ptr_array_index (obj->children, i), iteration_stamp); + } +} + /** * atspi_accessible_clear_cache: * @obj: The #AtspiAccessible whose cache to clear. @@ -1749,15 +1764,9 @@ atspi_accessible_set_cache_mask (AtspiAccessible *accessible, AtspiCache mask) void atspi_accessible_clear_cache (AtspiAccessible *obj) { - gint i; + static guint iteration_stamp = 0; - if (obj) - { - obj->cached_properties = ATSPI_CACHE_NONE; - if (obj->children) - for (i = 0; i < obj->children->len; i++) - atspi_accessible_clear_cache (g_ptr_array_index (obj->children, i)); - } + atspi_accessible_clear_cache_internal (obj, ++iteration_stamp); } /** |