[geany/geany] 270700: Fix crash when plugin_set_key_group() is called several times by plugins (#1426)

Jiří Techet git-noreply at xxxxx
Sat Apr 15 10:48:03 UTC 2017 

Branch:      refs/heads/master
Author:      Jiří Techet <techet at gmail.com>
Committer:   elextr <elextr at gmail.com>
Date:        Sat, 15 Apr 2017 10:48:03 UTC
Commit:      2707006286fa52400776c24ad6c393d2459324fa
             https://github.com/geany/geany/commit/2707006286fa52400776c24ad6c393d2459324fa

Log Message:
-----------
Fix crash when plugin_set_key_group() is called several times by plugins (#1426)

When plugin calls plugin_set_key_group() several times for the same
group (when creating keybindings dynamically and needs to reset them),
it crashes with the current code the second time it gets called.

The reason is that group->plugin_keys is an array into which entries of
group->key_items point and when calling

g_ptr_array_set_size(group->key_items, 0);

it calls free_key_binding() for every item - when these items are
deallocated by g_free(group->plugin_keys) previously, calls of
free_key_binding() reference an invalid memory.

Just first resizing group->key_items (and calling free_key_binding() for
its items) and freeing group->plugin_keys afterwards fixes the problem.


Modified Paths:
--------------
    src/keybindings.c

Modified: src/keybindings.c
4 lines changed, 3 insertions(+), 1 deletions(-)
===================================================================
@@ -2697,10 +2697,12 @@ GeanyKeyGroup *keybindings_set_group(GeanyKeyGroup *group, const gchar *section_
 		group = g_new0(GeanyKeyGroup, 1);
 		add_kb_group(group, section_name, label, callback, TRUE);
 	}
+	/* Calls free_key_binding() for individual entries for plugins - has to be
+	 * called before g_free(group->plugin_keys) */
+	g_ptr_array_set_size(group->key_items, 0);
 	g_free(group->plugin_keys);
 	group->plugin_keys = g_new0(GeanyKeyBinding, count);
 	group->plugin_key_count = count;
-	g_ptr_array_set_size(group->key_items, 0);
 	return group;
 }
 



--------------
This E-Mail was brought to you by github_commit_mail.py (Source: https://github.com/geany/infrastructure).

More information about the Commits mailing list