[grilo-plugins] lua-factory: Fix use after free
- From: Juan A. Suarez Romero <jasuarez src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [grilo-plugins] lua-factory: Fix use after free
- Date: Mon, 21 Jul 2014 20:57:52 +0000 (UTC)
commit 194b7ea9742b978df8f95445726f039d6018685d
Author: Bastien Nocera <hadess hadess net>
Date: Wed Jul 16 17:03:47 2014 +0200
lua-factory: Fix use after free
==21842== Invalid read of size 4
==21842== at 0x2CE855B7: grl_lua_library_set_current_operation (grl-lua-library.c:1258)
==21842== by 0x6706D16: resolve_idle (grl-source.c:2401)
==21842== by 0x7146872: g_main_context_dispatch (gmain.c:3067)
==21842== by 0x7146C77: g_main_context_iterate.isra.29 (gmain.c:3747)
==21842== by 0x7146F91: g_main_loop_run (gmain.c:3941)
==21842== by 0x50323C4: gtk_main (gtkmain.c:1206)
==21842== by 0x40C159: main (main.c:2395)
==21842== Address 0x2a655ecc is 76 bytes inside a block of size 88 free'd
==21842== at 0x4C2CCE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==21842== by 0x714C3BE: g_free (gmem.c:190)
==21842== by 0x7163053: g_slice_free1 (gslice.c:1112)
==21842== by 0x2CE846B7: grl_l_callback (grl-lua-library.c:947)
==21842== by 0x2D09B7CC: ??? (in /usr/lib64/liblua-5.2.so)
==21842== by 0x2D0AD78C: ??? (in /usr/lib64/liblua-5.2.so)
==21842== by 0x2D09BAC7: ??? (in /usr/lib64/liblua-5.2.so)
==21842== by 0x2D09B13E: ??? (in /usr/lib64/liblua-5.2.so)
==21842== by 0x2D09BD10: ??? (in /usr/lib64/liblua-5.2.so)
==21842== by 0x2D0932D5: lua_pcallk (in /usr/lib64/liblua-5.2.so)
==21842== by 0x2CE82C10: grl_lua_factory_source_resolve (grl-lua-factory.c:1119)
==21842== by 0x6706D16: resolve_idle (grl-source.c:2401)
https://bugzilla.gnome.org/show_bug.cgi?id=733259
src/lua-factory/grl-lua-library.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/src/lua-factory/grl-lua-library.c b/src/lua-factory/grl-lua-library.c
index 2594cd8..c88abb7 100644
--- a/src/lua-factory/grl-lua-library.c
+++ b/src/lua-factory/grl-lua-library.c
@@ -943,6 +943,7 @@ grl_l_callback (lua_State *L)
g_object_unref (os->options);
os->callback_done = TRUE;
grl_lua_library_remove_operation_data (L, os->operation_id);
+ grl_lua_library_set_current_operation (L, 0);
g_free (os->string);
g_slice_free (OperationSpec, os);
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
