[mutter] sound-player: Fix invalid write after playback is cancelled early

From: Carlos Garnacho <carlosg src gnome org>
To: commits-list gnome org
Cc:
Subject: [mutter] sound-player: Fix invalid write after playback is cancelled early
Date: Fri, 21 Feb 2020 16:16:35 +0000 (UTC)

commit aedcfcd0108814dc6b8b7377d9ef3062d7dea390
Author: Sebastian Keller <skeller gnome org>
Date:   Fri Feb 21 10:14:01 2020 +0100

    sound-player: Fix invalid write after playback is cancelled early
    
    The cancellable of a request might already be cancelled by the time
    the cancelled_cb is connected resulting in finish_cb being called via
    ca_context_cancel before g_cancellable_connect returns. In this case
    the request that is written to has already been freed.
    
    Fixes https://gitlab.gnome.org/GNOME/mutter/issues/1060

 src/core/meta-sound-player.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
---
diff --git a/src/core/meta-sound-player.c b/src/core/meta-sound-player.c
index 87090034e..00f110f75 100644
--- a/src/core/meta-sound-player.c
+++ b/src/core/meta-sound-player.c
@@ -140,9 +140,11 @@ play_sound (MetaPlayRequest *req,
 
   if (req->cancellable)
     {
-      req->cancel_id =
+      gulong cancel_id =
         g_cancellable_connect (req->cancellable,
                                G_CALLBACK (cancelled_cb), req, NULL);
+      if (cancel_id)
+        req->cancel_id = cancel_id;
     }
 }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]