hyprwm/wlroots-hyprland
1
0
Fork 0
mirror of https://github.com/hyprwm/wlroots-hyprland.git synced 2024-11-02 11:55:59 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix use-after-free when destroying selection sources

Browse source
This commit is contained in:
emersion 2017-12-25 18:18:26 +01:00
parent cdc21cdcff
commit 4a11609b76
No known key found for this signature in database
GPG key ID: 0FDE7BE0E88F5E48
5 changed files with 37 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/wlr/types/wlr_data_device.h
View file

@ -126,4 +126,6 @@ void wlr_seat_set_selection(struct wlr_seat *seat,
void wlr_data_source_init(struct wlr_data_source *source); void wlr_data_source_init(struct wlr_data_source *source);
void wlr_data_source_finish(struct wlr_data_source *source);
#endif #endif

2
include/wlr/types/wlr_primary_selection.h
View file

@ -52,5 +52,7 @@ void wlr_seat_set_primary_selection(struct wlr_seat *seat,
void wlr_primary_selection_source_init( void wlr_primary_selection_source_init(
struct wlr_primary_selection_source *source); struct wlr_primary_selection_source *source);
void wlr_primary_selection_source_finish(
struct wlr_primary_selection_source *source);
#endif #endif

25
types/wlr_data_device.c
View file

@ -856,16 +856,7 @@ void data_device_manager_get_data_device(struct wl_client *client,
static void data_source_resource_destroy(struct wl_resource *resource) { static void data_source_resource_destroy(struct wl_resource *resource) {
struct wlr_data_source *source = struct wlr_data_source *source =
wl_resource_get_user_data(resource); wl_resource_get_user_data(resource);
char **p; wlr_data_source_finish(source);
wl_signal_emit(&source->events.destroy, source);
wl_array_for_each(p, &source->mime_types) {
free(*p);
}
wl_array_release(&source->mime_types);
free(source); free(source);
} }
@ -932,6 +923,20 @@ void wlr_data_source_init(struct wlr_data_source *source) {
wl_signal_init(&source->events.destroy); wl_signal_init(&source->events.destroy);
} }
void wlr_data_source_finish(struct wlr_data_source *source) {
if (source == NULL) {
return;
}
wl_signal_emit(&source->events.destroy, source);
char **p;
wl_array_for_each(p, &source->mime_types) {
free(*p);
}
wl_array_release(&source->mime_types);
}
static void data_device_manager_create_data_source(struct wl_client *client, static void data_device_manager_create_data_source(struct wl_client *client,
struct wl_resource *resource, uint32_t id) { struct wl_resource *resource, uint32_t id) {
struct wlr_data_source *source = calloc(1, sizeof(struct wlr_data_source)); struct wlr_data_source *source = calloc(1, sizeof(struct wlr_data_source));

25
types/wlr_primary_selection.c
View file

@ -144,15 +144,7 @@ static const struct gtk_primary_selection_source_interface source_impl = {
static void source_resource_handle_destroy(struct wl_resource *resource) { static void source_resource_handle_destroy(struct wl_resource *resource) {
struct wlr_primary_selection_source *source = struct wlr_primary_selection_source *source =
wl_resource_get_user_data(resource); wl_resource_get_user_data(resource);
wlr_primary_selection_source_finish(source);
wl_signal_emit(&source->events.destroy, source);
char **p;
wl_array_for_each(p, &source->mime_types) {
free(*p);
}
wl_array_release(&source->mime_types);
free(source); free(source);
} }
@ -268,6 +260,21 @@ void wlr_primary_selection_source_init(
wl_signal_init(&source->events.destroy); wl_signal_init(&source->events.destroy);
} }
void wlr_primary_selection_source_finish(
struct wlr_primary_selection_source *source) {
if (source == NULL) {
return;
}
wl_signal_emit(&source->events.destroy, source);
char **p;
wl_array_for_each(p, &source->mime_types) {
free(*p);
}
wl_array_release(&source->mime_types);
}
static void device_manager_handle_create_source(struct wl_client *client, static void device_manager_handle_create_source(struct wl_client *client,
struct wl_resource *manager_resource, uint32_t id) { struct wl_resource *manager_resource, uint32_t id) {
struct wlr_primary_selection_source *source = struct wlr_primary_selection_source *source =

2
xwayland/selection.c
View file

@ -508,6 +508,7 @@ static void data_source_send(struct wlr_data_source *base,
static void data_source_cancel(struct wlr_data_source *base) { static void data_source_cancel(struct wlr_data_source *base) {
struct x11_data_source *source = (struct x11_data_source *)base; struct x11_data_source *source = (struct x11_data_source *)base;
wlr_data_source_finish(&source->base);
wl_array_release(&source->mime_types_atoms); wl_array_release(&source->mime_types_atoms);
free(source); free(source);
} }
@ -533,6 +534,7 @@ static void primary_selection_source_cancel(
struct wlr_primary_selection_source *base) { struct wlr_primary_selection_source *base) {
struct x11_primary_selection_source *source = struct x11_primary_selection_source *source =
(struct x11_primary_selection_source *)base; (struct x11_primary_selection_source *)base;
wlr_primary_selection_source_finish(&source->base);
wl_array_release(&source->mime_types_atoms); wl_array_release(&source->mime_types_atoms);
free(source); free(source);
} }