[mutter/wayland] keybindings: fix invalid read after a keybinding is removed

From: Giovanni Campagna <gcampagna src gnome org>
To: commits-list gnome org
Cc:
Subject: [mutter/wayland] keybindings: fix invalid read after a keybinding is removed
Date: Wed, 26 Feb 2014 14:19:54 +0000 (UTC)

commit ac0c7df4a3c364a44ebe0ab22580754ca2e608d0
Author: Giovanni Campagna <gcampagna src gnome org>
Date:   Wed Feb 26 00:47:11 2014 +0100

    keybindings: fix invalid read after a keybinding is removed
    
    The handler pointer is dangling in MetaKeyBinding until
    rebuild_key_binding_table() is run, so we can't dereference it.
    Because we only need the flags at ungrab time, store a copy
    in the MetaKeyBinding structure.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=724402

 src/core/keybindings-private.h |    1 +
 src/core/keybindings.c         |    5 ++++-
 2 files changed, 5 insertions(+), 1 deletions(-)
---
diff --git a/src/core/keybindings-private.h b/src/core/keybindings-private.h
index 0788922..3ef3dd4 100644
--- a/src/core/keybindings-private.h
+++ b/src/core/keybindings-private.h
@@ -47,6 +47,7 @@ struct _MetaKeyBinding
   KeyCode keycode;
   unsigned int mask;
   MetaVirtualModifier modifiers;
+  gint flags;
   MetaKeyHandler *handler;
 };
 
diff --git a/src/core/keybindings.c b/src/core/keybindings.c
index 9024410..db2db76 100644
--- a/src/core/keybindings.c
+++ b/src/core/keybindings.c
@@ -603,6 +603,7 @@ rebuild_binding_table (MetaDisplay     *display,
 
               (*bindings_p)[i].name = pref->name;
               (*bindings_p)[i].handler = handler;
+              (*bindings_p)[i].flags = handler->flags;
               (*bindings_p)[i].keysym = combo->keysym;
               (*bindings_p)[i].keycode = combo->keycode;
               (*bindings_p)[i].modifiers = combo->modifiers;
@@ -619,6 +620,7 @@ rebuild_binding_table (MetaDisplay     *display,
 
                   (*bindings_p)[i].name = pref->name;
                   (*bindings_p)[i].handler = handler;
+                  (*bindings_p)[i].flags = handler->flags;
                   (*bindings_p)[i].keysym = combo->keysym;
                   (*bindings_p)[i].keycode = combo->keycode;
                   (*bindings_p)[i].modifiers = combo->modifiers |
@@ -645,6 +647,7 @@ rebuild_binding_table (MetaDisplay     *display,
 
           (*bindings_p)[i].name = grab->name;
           (*bindings_p)[i].handler = handler;
+          (*bindings_p)[i].flags = handler->flags;
           (*bindings_p)[i].keysym = grab->combo->keysym;
           (*bindings_p)[i].keycode = grab->combo->keycode;
           (*bindings_p)[i].modifiers = grab->combo->modifiers;
@@ -1160,7 +1163,7 @@ change_binding_keygrabs (MetaKeyBinding *bindings,
   while (i < n_bindings)
     {
       if (!!binding_per_window ==
-          !!(bindings[i].handler->flags & META_KEY_BINDING_PER_WINDOW) &&
+          !!(bindings[i].flags & META_KEY_BINDING_PER_WINDOW) &&
           bindings[i].keycode != 0)
         {
           meta_change_keygrab (display, xwindow, grab,

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]