[gnome-desktop] Fix heap-use-after-free with duplicate xkb layouts

From: Rui Matos <rtcm src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-desktop] Fix heap-use-after-free with duplicate xkb layouts
Date: Tue, 25 Jul 2017 14:20:40 +0000 (UTC)

commit dda675941777a876c1e9b08f922de72d32e73273
Author: Jason Crain <jason inspiresomeone us>
Date:   Mon Jul 24 22:32:01 2017 -0500

    Fix heap-use-after-free with duplicate xkb layouts
    
    Debian's gnome-control-center can crash when show-all-sources is
    enabled.  When parse_end_element in gnome-xkb-info.c encounters
    duplicate layouts, it will free the memory for the first layout while it
    is still in a hash table.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=785320

 libgnome-desktop/gnome-xkb-info.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/libgnome-desktop/gnome-xkb-info.c b/libgnome-desktop/gnome-xkb-info.c
index 0e6c69e..d6dfaff 100644
--- a/libgnome-desktop/gnome-xkb-info.c
+++ b/libgnome-desktop/gnome-xkb-info.c
@@ -405,6 +405,12 @@ parse_end_element (GMarkupParseContext  *context,
                                                     priv->current_parser_variant->xkb_name,
                                                     NULL);
 
+      if (g_hash_table_contains (priv->layouts_table, priv->current_parser_variant->id))
+        {
+          g_clear_pointer (&priv->current_parser_variant, free_layout);
+          return;
+        }
+
       g_hash_table_replace (priv->layouts_table,
                             priv->current_parser_variant->id,
                             priv->current_parser_variant);

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]