[gnome-boxes] search: Fix use-after-free in dbus methods



commit 30c63058f6fdd12a0db795b896df553ceeb7891d
Author: Alexander Larsson <alexl redhat com>
Date:   Tue Oct 23 20:08:40 2012 +0200

    search: Fix use-after-free in dbus methods
    
    The async dbus method implementation gets array arguments which
    are used after yield, but the generated dbus code that calls
    these frees the arguments directly after the call, so we access
    them after they are freed.
    
    The correct way to solve this is to make the parameters "owned"
    which means the caller needs to copy the arguments. However, this
    doesn't seem to work for the case of the dbus generated call, so
    we wrap the dbus method implementations in a normal method which
    causes owned arguments to work.

 src/gnome-boxes-search-provider.vala |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)
---
diff --git a/src/gnome-boxes-search-provider.vala b/src/gnome-boxes-search-provider.vala
index 7aa4fc8..1b8da11 100644
--- a/src/gnome-boxes-search-provider.vala
+++ b/src/gnome-boxes-search-provider.vala
@@ -75,7 +75,7 @@ public class Boxes.SearchProvider: Object {
         return 0;
     }
 
-    private async string[] search (string[] terms) {
+    private async string[] search (owned string[] terms) {
         app.hold ();
         string[] normalized_terms = canonicalize_for_search (string.joinv(" ", terms)).split(" ");
         var matches = new GenericArray<DisplayProperties> ();
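Review bot: The `owned` modifier on `terms` in `search` carries the whole fix, but nothing at the signature says why, so a later cleanup could drop it as redundant and bring the use-after-free back. A short comment above the method would prevent that, e.g. `/* terms is owned so the array stays valid across yield; the D-Bus glue frees its own array right after the call. */`. The protection also depends on every caller being an ordinary Vala method rather than the generated D-Bus handler. Only one caller is visible, at `return yield search (new_terms);`. The rest of the body and the other callers are outside the hunk.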
@@ -107,7 +107,7 @@ public class Boxes.SearchProvider: Object {
         return yield search (new_terms);
     }
 
-    public async HashTable<string, Variant>[] GetResultMetas (string[] ids) {
+    public async HashTable<string, Variant>[] get_metas (owned string[] ids) {
         var metas = new HashTable<string, Variant>[ids.length];
         app.hold ();
 
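Review bot: `get_metas` is declared `public`, so if this class is exported on the bus (a `[DBus]` attribute would sit above the hunk and is not visible here), Vala would presumably export it as a second D-Bus method next to `GetResultMetas`. The generated handler would then call it directly with an array it frees after the call. That is the exact path the wrapper added in the last hunk is meant to close. Declaring it `private async HashTable<string, Variant>[] get_metas (owned string[] ids)`, matching `search`, keeps it reachable only through the wrapper. The body of `get_metas` continues outside the hunk.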
@@ -143,6 +143,12 @@ public class Boxes.SearchProvider: Object {
         return metas[0:n];
     }
 
+    /* We have to put this in a separate method because vala does not seem to honor "owned"
+       in the dbus method handler. I.e. it doesn't copy the ids array. */
+    public async HashTable<string, Variant>[] GetResultMetas (string[] ids) {
+        return yield get_metas (ids);
+    }
+
     public void ActivateResult (string search_id) {
         app.hold ();
 


