[epiphany/mcatanzaro/#1092] session: improve robustness when parsing session

[Michael Catanzaro <mcatanzaro src gnome org>]

commit c695c9595bc366121e5f3bd787209311bf778d01
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Sun Feb 9 12:41:02 2020 -0600

    session: improve robustness when parsing session
    
    This is a second try at 32ecc861. This time, account for the fact that
    EphyWindow can be destroyed at the GTK level even if it still has an
    outstanding ref, and that will cause the last ref of the GtkNotebook to
    be destroyed. So instead of holding a ref, let's check for window
    destruction instead.
    
    We should also account for the possibility that the session state is
    malformed, listing <window> or <embed> tags in nonsensical places.
    Previously, the correctness of this code relied on valid input. Now, we
    should be robust to problematic input.
    
    Lastly, note 32ecc861 had introduced a memory leak, because
    context->window was set to NULL in session_end_element() without an
    unref.
    
    Fixes #1092

 src/ephy-session.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
---
diff --git a/src/ephy-session.c b/src/ephy-session.c
index 3a4139736..c5d9fa068 100644
--- a/src/ephy-session.c
+++ b/src/ephy-session.c
@@ -1075,6 +1075,7 @@ typedef struct {
   guint32 user_time;
 
   EphyWindow *window;
+  guint destroy_id;
   gboolean is_first_window;
   gint active_tab;
 
@@ -1100,6 +1101,11 @@ session_parser_context_free (SessionParserContext *context)
 {
   g_object_unref (context->session);
 
+  if (context->window) {
+    /* This can only happen if the session state is malformed. */
+    g_signal_handler_disconnect (context->destroy_id);
+  }
+
   g_free (context);
 }
 
@@ -1111,7 +1117,13 @@ session_parse_window (SessionParserContext  *context,
   GdkRectangle geometry = { -1, -1, 0, 0 };
   guint i;
 
+  if (context->window) {
+    /* This should only happen if the session state is malformed. */
+    return;
+  }
+
   context->window = ephy_window_new ();
+  g_signal_connect (context->window, "destroy", G_CALLBACK (gtk_widget_destroyed), &context->window);
 
   for (i = 0; names[i]; i++) {
     gulong int_value;
@@ -1154,6 +1166,13 @@ session_parse_embed (SessionParserContext  *context,
   gboolean is_pin = FALSE;
   guint i;
 
+  if (!context->window) {
+    /* This can happen if the session is malformed, or if the window is
+     * destroyed before the session finishes loading.
+     */
+    return;
+  }
+
   notebook = ephy_window_get_notebook (context->window);
 
   for (i = 0; names[i]; i++) {
@@ -1283,6 +1302,13 @@ session_end_element (GMarkupParseContext  *ctx,
     GtkWidget *notebook;
     EphyEmbedShell *shell = ephy_embed_shell_get_default ();
 
+    if (!context->window) {
+      /* This can happen if the session is malformed, or if the window is
+       * destroyed before the session finishes loading.
+       */
+      return;
+    }
+
     notebook = ephy_window_get_notebook (context->window);
     gtk_notebook_set_current_page (GTK_NOTEBOOK (notebook), context->active_tab);
 
@@ -1297,6 +1323,7 @@ session_end_element (GMarkupParseContext  *ctx,
 
     ephy_embed_shell_restored_window (shell);
 
+    g_clear_signal_handler (&context->destroy_id, context->window);
     context->window = NULL;
     context->active_tab = 0;
     context->is_first_window = FALSE;