[gnome-shell/wip/fmuellner/guard-shadow-pipeline-from-actor-call] st: Guard against spec being invalided during shadow creation



commit 9d133d8ebbf9d99db0a02eaa6843c7e43cdec480
Author: Florian Müllner <fmuellner gnome org>
Date:   Tue Feb 20 17:23:16 2018 +0100

    st: Guard against spec being invalided during shadow creation
    
    If an actor is pending a relayout when get_allocation_box() is called,
    the method forces an allocation update. In case of StWidget, this might
    then result in a style update and a subsequent invalidation of the
    shadow spec - we will then try to create a shadow specified by random
    memory, with undefined (though likely fatal) consequences.
    
    Guard against this by taking a temporary reference during the function
    call.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=788908

 src/st/st-private.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
---
diff --git a/src/st/st-private.c b/src/st/st-private.c
index be78833e7..df94751bf 100644
--- a/src/st/st-private.c
+++ b/src/st/st-private.c
@@ -417,11 +417,17 @@ _st_create_shadow_pipeline_from_actor (StShadow     *shadow_spec,
   ClutterActorBox box;
   float width, height;
 
+  /* Querying the actor's allocation may force an allocation update, which
+   * may cause a style update, which then may invalidate shadow_spec; make
+   * sure the spec is kept alive by taking a temporary reference
+   */
+  st_shadow_spec_ref (shadow_spec);
+
   clutter_actor_get_allocation_box (actor, &box);
   clutter_actor_box_get_size (&box, &width, &height);
 
   if (width == 0 || height == 0)
-    return NULL;
+    goto out;
 
   if (CLUTTER_IS_TEXTURE (actor))
     {
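Review bot: The `goto out;` at the zero-size check, like the two in the later hunks (the `buffer == NULL` path and the framebuffer allocation failure), jumps to a label that no hunk adds. The last hunk inserts `st_shadow_spec_unref (shadow_spec);` directly before `return shadow_pipeline;` without an `out:` line, and the 11 insertions in the diffstat are all accounted for by the visible `+` lines. Unless the label already exists in unchanged code, this does not compile; it belongs immediately above the unref, as `out:` followed by `st_shadow_spec_unref (shadow_spec);`, so that every early exit drops the temporary reference instead of leaking it. The early exits used to return NULL explicitly, so they now depend on `shadow_pipeline` being initialised to NULL at its declaration, which lies outside this hunk (the function body starts before it and continues past it) and should be confirmed. Separately, the StShadow refcount helpers I know from st-shadow.h are `st_shadow_ref()` and `st_shadow_unref()`; if `st_shadow_spec_ref()` is not declared elsewhere in the tree, both the ref here and the unref in the last hunk need renaming.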
@@ -448,7 +454,7 @@ _st_create_shadow_pipeline_from_actor (StShadow     *shadow_spec,
                                            COGL_PIXEL_FORMAT_ANY);
 
       if (buffer == NULL)
-        return NULL;
+        goto out;
 
       offscreen = cogl_offscreen_new_with_texture (buffer);
       fb = COGL_FRAMEBUFFER (offscreen);
@@ -458,7 +464,7 @@ _st_create_shadow_pipeline_from_actor (StShadow     *shadow_spec,
           cogl_error_free (catch_error);
           cogl_object_unref (offscreen);
           cogl_object_unref (buffer);
-          return NULL;
+          goto out;
         }
 
       cogl_color_init_from_4ub (&clear_color, 0, 0, 0, 0);
@@ -488,6 +494,8 @@ _st_create_shadow_pipeline_from_actor (StShadow     *shadow_spec,
       cogl_object_unref (buffer);
     }
 
+  st_shadow_spec_unref (shadow_spec);
+
   return shadow_pipeline;
 }
 

