[gtk/gtk-3-24] file-system-model: Avoid use-after free

[Matthias Clasen <matthiasc src gnome org>]

commit 326077d2edd2450879a58e5b31f554b9084a7bdc
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date:   Sat Apr 25 17:26:22 2020 -0400

    file-system-model: Avoid use-after free
    
    This is a possible fix for https://gitlab.gnome.org/GNOME/gtk/-/issues/2657
    
    Use a NULL return from g_file_query_info_finish() to detect cancellation
    of the query, and avoid derferencing a stale pointer.

 gtk/gtkfilesystemmodel.c | 45 ++++++++++++++++++++++++++++++++-------------
 1 file changed, 32 insertions(+), 13 deletions(-)
---
diff --git a/gtk/gtkfilesystemmodel.c b/gtk/gtkfilesystemmodel.c
index 6a304a358a..67a34806e6 100644
--- a/gtk/gtkfilesystemmodel.c
+++ b/gtk/gtkfilesystemmodel.c
@@ -1212,28 +1212,38 @@ gtk_file_system_model_got_files (GObject *object, GAsyncResult *res, gpointer da
   gdk_threads_leave ();
 }
 
+/* Helper for gtk_file_system_model_query_done and
+ * gtk_file_system_model_one_query_done */
+static void
+query_done_helper (GtkFileSystemModel *model,
+                   GFile              *file,
+                   GFileInfo          *info)
+{
+  guint id;
+
+  _gtk_file_system_model_update_file (model, file, info);
+
+  id = node_get_for_file (model, file);
+  gtk_file_system_model_sort_node (model, id);
+}
+
 static void
 gtk_file_system_model_query_done (GObject *     object,
                                   GAsyncResult *res,
                                   gpointer      data)
 {
-  GtkFileSystemModel *model = data; /* only a valid pointer if not cancelled */
   GFile *file = G_FILE (object);
   GFileInfo *info;
-  guint id;
 
   info = g_file_query_info_finish (file, res, NULL);
-  if (info == NULL)
-    return;
 
   gdk_threads_enter ();
 
-  _gtk_file_system_model_update_file (model, file, info);
-
-  id = node_get_for_file (model, file);
-  gtk_file_system_model_sort_node (model, id);
-
-  g_object_unref (info);
+  if (info != NULL)
+    {
+      query_done_helper (GTK_FILE_SYSTEM_MODEL (data), file, info);
+      g_object_unref (info);
+    }
 
   gdk_threads_leave ();
 }
@@ -2156,10 +2166,19 @@ gtk_file_system_model_one_query_done (GObject *     object,
                                       GAsyncResult *res,
                                       gpointer      data)
 {
-  GtkFileSystemModel *model = data; /* only a valid pointer if not cancelled */
+  GFile *file = G_FILE (object);
+  GFileInfo *info;
 
-  gtk_file_system_model_query_done (object, res, data);
-  thaw_updates (model);
+  info = g_file_query_info_finish (file, res, NULL);
+
+  if (info != NULL)
+    {
+      GtkFileSystemModel *model = GTK_FILE_SYSTEM_MODEL (data);
+
+      query_done_helper (model, file, info);
+      g_object_unref (info);
+      thaw_updates (model);
+    }
 }
 
 void