[gparted] Adjust pointers to prevent crash when resizing a logical partition (#752587)

[Mike Fleetwood <mfleetwo src gnome org>]

commit c7c42f2cc5de27a673ddb31ae8f88b2d2ff97066
Author: Curtis Gedak <gedakc gmail com>
Date:   Mon Jul 20 12:59:46 2015 -0600

    Adjust pointers to prevent crash when resizing a logical partition (#752587)
    
    Opening the Resize/Move dialog on a logical partition causes GParted to
    crash.  This crash affects current GParted GIT HEAD, but does not affect
    GParted 0.22.0.  Git bisect identifies that it was broken with the
    following commit:
        Remove Set_Data() from the copy, resize/move and new dialog class APIs
        7a4a375ed629fea77995c98d13bd1992231be6fb
    
    The problem was trying to treat the reference display_partitions_ref
    like a pointer, and in particular on line 1732 trying to make it refer
    to the a different vector of partitions, .logicals sub-vector.
    
      1721  void Win_GParted::activate_resize()
      1722  {
      ...
      1726          std::vector<Partition> & display_partitions_ref = display_partitions;
      1727          if ( selected_partition_ptr->type == TYPE_LOGICAL )
      1728          {
      1729                  unsigned int ext = 0 ;
      1730                  while ( ext < display_partitions.size() && display_partitions[ext].type != 
TYPE_EXTENDED )
      1731                          ext++;
    * 1732                  display_partitions_ref = display_partitions[ext].logicals;
      1733          }
      1734
      1735          Dialog_Partition_Resize_Move dialog( gparted_core.get_fs( 
selected_partition_ptr->filesystem ),
      1736                                               *selected_partition_ptr,
      1737                                               display_partitions_ref );
    
    What was actually happening was that the .logicals sub-vector was being
    copied, replacing the display_partitions vector and freeing the original
    sub-vector.  This left selected_partition_ptr pointing to the original
    memory where the selected partition use to exist in the .logicals
    sub-vector.  At some point in the Dialog_Partition_Resize_Move class
    *selected_partition_ptr was referenced, accessing the freed memory.
    Crash soon followed.
    
    Fix by using a pointer instead of a reference, which can be assigned to
    point to a different object.
    
    Bug 752587 - GParted crashing when opening Resize/Move dialog on
                 logical partition

 src/Win_GParted.cc |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/src/Win_GParted.cc b/src/Win_GParted.cc
index 1839179..a003a36 100644
--- a/src/Win_GParted.cc
+++ b/src/Win_GParted.cc
@@ -1723,18 +1723,18 @@ void Win_GParted::activate_resize()
        g_assert( selected_partition_ptr != NULL );  // Bug: Partition callback without a selected partition
        g_assert( valid_display_partition_ptr( selected_partition_ptr ) );  // Bug: Not pointing at a valid 
display partition object
 
-       std::vector<Partition> & display_partitions_ref = display_partitions;
+       std::vector<Partition> * display_partitions_ptr = &display_partitions;
        if ( selected_partition_ptr->type == TYPE_LOGICAL )
        {
                unsigned int ext = 0 ;
                while ( ext < display_partitions.size() && display_partitions[ext].type != TYPE_EXTENDED )
                        ext++;
-               display_partitions_ref = display_partitions[ext].logicals;
+               display_partitions_ptr = &display_partitions[ext].logicals;
        }
 
        Dialog_Partition_Resize_Move dialog( gparted_core.get_fs( selected_partition_ptr->filesystem ),
                                             *selected_partition_ptr,
-                                            display_partitions_ref );
+                                            *display_partitions_ptr );
        dialog .set_transient_for( *this ) ;    
                        
        if ( dialog .run() == Gtk::RESPONSE_OK )