[mutter] keybindings: fix invalid read after a keybinding is removed
- From: Giovanni Campagna <gcampagna src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [mutter] keybindings: fix invalid read after a keybinding is removed
- Date: Wed, 26 Feb 2014 14:16:08 +0000 (UTC)
commit 682d6f9ee204bab4ef3c1092e4cd4c1c345367d1
Author: Giovanni Campagna <gcampagna src gnome org>
Date: Wed Feb 26 00:47:11 2014 +0100
keybindings: fix invalid read after a keybinding is removed
The handler pointer is dangling in MetaKeyBinding until
rebuild_key_binding_table() is run, so we can't dereference it.
Because we only need the flags at ungrab time, store a copy
in the MetaKeyBinding structure.
https://bugzilla.gnome.org/show_bug.cgi?id=724402
src/core/keybindings-private.h | 1 +
src/core/keybindings.c | 5 ++++-
2 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/src/core/keybindings-private.h b/src/core/keybindings-private.h
index 239d462..5608905 100644
--- a/src/core/keybindings-private.h
+++ b/src/core/keybindings-private.h
@@ -47,6 +47,7 @@ struct _MetaKeyBinding
KeyCode keycode;
unsigned int mask;
MetaVirtualModifier modifiers;
+ gint flags;
MetaKeyHandler *handler;
};
diff --git a/src/core/keybindings.c b/src/core/keybindings.c
index f7329bd..3c96b31 100644
--- a/src/core/keybindings.c
+++ b/src/core/keybindings.c
@@ -607,6 +607,7 @@ rebuild_binding_table (MetaDisplay *display,
(*bindings_p)[i].name = pref->name;
(*bindings_p)[i].handler = handler;
+ (*bindings_p)[i].flags = handler->flags;
(*bindings_p)[i].keysym = combo->keysym;
(*bindings_p)[i].keycode = combo->keycode;
(*bindings_p)[i].modifiers = combo->modifiers;
@@ -623,6 +624,7 @@ rebuild_binding_table (MetaDisplay *display,
(*bindings_p)[i].name = pref->name;
(*bindings_p)[i].handler = handler;
+ (*bindings_p)[i].flags = handler->flags;
(*bindings_p)[i].keysym = combo->keysym;
(*bindings_p)[i].keycode = combo->keycode;
(*bindings_p)[i].modifiers = combo->modifiers |
@@ -649,6 +651,7 @@ rebuild_binding_table (MetaDisplay *display,
(*bindings_p)[i].name = grab->name;
(*bindings_p)[i].handler = handler;
+ (*bindings_p)[i].flags = handler->flags;
(*bindings_p)[i].keysym = grab->combo->keysym;
(*bindings_p)[i].keycode = grab->combo->keycode;
(*bindings_p)[i].modifiers = grab->combo->modifiers;
@@ -1164,7 +1167,7 @@ change_binding_keygrabs (MetaKeyBinding *bindings,
while (i < n_bindings)
{
if (!!binding_per_window ==
- !!(bindings[i].handler->flags & META_KEY_BINDING_PER_WINDOW) &&
+ !!(bindings[i].flags & META_KEY_BINDING_PER_WINDOW) &&
bindings[i].keycode != 0)
{
meta_change_keygrab (display, xwindow, grab,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]