[gtk/wip/carlosg/tablet-invalid-reads: 2/2] gdk: Avoid poking possibly freed memory

From: Carlos Garnacho <carlosg src gnome org>
To: commits-list gnome org
Cc:
Subject: [gtk/wip/carlosg/tablet-invalid-reads: 2/2] gdk: Avoid poking possibly freed memory
Date: Tue, 8 Oct 2019 16:01:05 +0000 (UTC)

commit bcd384711aab713d9928eb08fa0d1281b66bd659
Author: Carlos Garnacho <carlosg gnome org>
Date:   Tue Oct 8 17:50:48 2019 +0200

    gdk: Avoid poking possibly freed memory
    
    The event may end up freed after delivery, ensure to keep the data we need
    in order to emit the matching emulated crossed event matching a proximity
    event.
    
    Closes: https://gitlab.gnome.org/GNOME/gtk/issues/2157

 gdk/wayland/gdkdevice-wayland.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
---
diff --git a/gdk/wayland/gdkdevice-wayland.c b/gdk/wayland/gdkdevice-wayland.c
index fa292d25a7..4773f63ffa 100644
--- a/gdk/wayland/gdkdevice-wayland.c
+++ b/gdk/wayland/gdkdevice-wayland.c
@@ -3468,6 +3468,8 @@ static void
 gdk_wayland_tablet_flush_frame_event (GdkWaylandTabletData *tablet,
                                       guint32               time)
 {
+  GdkEventType event_type;
+  GdkWindow *window;
   GdkEvent *event;
 
   event = tablet->pointer_info.frame.event;
@@ -3476,7 +3478,10 @@ gdk_wayland_tablet_flush_frame_event (GdkWaylandTabletData *tablet,
   if (!event)
     return;
 
-  switch (event->type)
+  event_type = event->type;
+  window = g_object_ref (gdk_event_get_window (event));
+
+  switch (event_type)
     {
     case GDK_MOTION_NOTIFY:
       event->motion.time = time;
@@ -3504,18 +3509,20 @@ gdk_wayland_tablet_flush_frame_event (GdkWaylandTabletData *tablet,
       return;
     }
 
-  if (event->type == GDK_PROXIMITY_OUT)
-    emulate_crossing (event->proximity.window, NULL, tablet->master,
+  if (event_type == GDK_PROXIMITY_OUT)
+    emulate_crossing (window, NULL, tablet->master,
                       tablet->current_device, GDK_LEAVE_NOTIFY,
                       GDK_CROSSING_NORMAL, time);
 
   _gdk_wayland_display_deliver_event (gdk_seat_get_display (tablet->seat),
                                       event);
 
-  if (event->type == GDK_PROXIMITY_IN)
-    emulate_crossing (event->proximity.window, NULL, tablet->master,
+  if (event_type == GDK_PROXIMITY_IN)
+    emulate_crossing (window, NULL, tablet->master,
                       tablet->current_device, GDK_ENTER_NOTIFY,
                       GDK_CROSSING_NORMAL, time);
+
+  g_object_unref (window);
 }
 
 static GdkEvent *

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]