GNOME.org
 

[gnome-software/wip/jrocha/fix_popular_override: 1/4] gs-plugin-loader: Prevent potential abuse of an app list in refine_internal

commit e5e9d1e4787cc16c23139d739bf5bb5895f4bd75
Author: Joaquim Rocha <jrocha endlessm com>
Date:   Fri Mar 31 21:06:37 2017 +0200

    gs-plugin-loader: Prevent potential abuse of an app list in refine_internal
    
    The list of apps that was looped over for calling the refine in each app
    was also being passed to the refine functions. This could lead to
    problems if the function affected the list (removed or added apps).
    
    This patch fixes that issue by using a copy of the list in the loop.

 lib/gs-plugin-loader.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)
---
diff --git a/lib/gs-plugin-loader.c b/lib/gs-plugin-loader.c
index 319fbe6..5f6f5f3 100644
--- a/lib/gs-plugin-loader.c
+++ b/lib/gs-plugin-loader.c
@@ -700,6 +700,7 @@ gs_plugin_loader_run_refine_internal (GsPluginLoaderJob *job,
        for (i = 0; i < priv->plugins->len; i++) {
                g_autoptr(AsProfileTask) ptask = NULL;
                GsPlugin *plugin = g_ptr_array_index (priv->plugins, i);
+               g_autoptr(GsAppList) app_list = NULL;
 
                /* run the batched plugin symbol then the per-app plugin */
                job->function_name = "gs_plugin_refine";
@@ -707,8 +708,15 @@ gs_plugin_loader_run_refine_internal (GsPluginLoaderJob *job,
                                                  cancellable, error)) {
                        return FALSE;
                }
-               for (j = 0; j < gs_app_list_length (list); j++) {
-                       app = gs_app_list_index (list, j);
+
+               /* use a copy of the list for the loop because a function called
+                * on the plugin may affect the list which can lead to problems
+                * (e.g. inserting an app in the list on every call results in
+                * an infinite loop) */
+               app_list = gs_app_list_new();
+               gs_app_list_add_list (app_list, list);
+               for (j = 0; j < gs_app_list_length (app_list); j++) {
+                       app = gs_app_list_index (app_list, j);
                        if (!gs_app_has_quirk (app, AS_APP_QUIRK_MATCH_ANY_PREFIX)) {
                                job->function_name = "gs_plugin_refine_app";
                        } else {
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]