Branch: refs/heads/master Author: gkatev george_kate@hotmail.com Committer: gkatev george_kate@hotmail.com Date: Fri, 26 Apr 2024 13:58:26 UTC Commit: adaceb62c17a477a4e1b2a0711f682546acac058 https://github.com/geany/geany-plugins/commit/adaceb62c17a477a4e1b2a0711f682...
Log Message: ----------- codenav: Fix use-after-free in cached completion model
Add a reference when saving the completion model in the old_model var. Otherwise, when the entry field is destroyed the attached model's refcount drops to 0 and it's deallocated, resulting in a use-after-free when attempting to recover it in the next invocation.
Modified Paths: -------------- codenav/src/goto_file.c
Modified: codenav/src/goto_file.c 6 lines changed, 6 insertions(+), 0 deletions(-) =================================================================== @@ -163,8 +163,11 @@ directory_check(GtkEntry* entry, GtkEntryCompletion* completion) if (old_model != NULL) { /* Restore the no-sub-directory model */ log_debug("Restoring old model!"); + gtk_entry_completion_set_model (completion, old_model); + g_object_unref(old_model); old_model = NULL; + g_free(curr_dir); curr_dir = NULL; } @@ -185,7 +188,10 @@ directory_check(GtkEntry* entry, GtkEntryCompletion* completion)
/* Save the completion_mode for future restore. */ if (old_model == NULL) + { old_model = gtk_entry_completion_get_model(completion); + g_object_ref(old_model); + }
log_debug("New completion list!");
-------------- This E-Mail was brought to you by github_commit_mail.py (Source: https://github.com/geany/infrastructure).