diff options
| author | Matthew Leeds <matthew.leeds@endlessm.com> | 2019-09-01 10:00:58 -0700 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-09-09 10:01:15 +0000 |
| commit | 20c9d8477d1e16417e085864da818c5f323c185a (patch) | |
| tree | 4aba32881f1ecbe18bf4b67f36ab00b5b30de2b8 | |
| parent | f88a9d958553195b1b32d644231969fe98844501 (diff) | |
| download | flatpak-20c9d8477d1e16417e085864da818c5f323c185a.tar.gz | |
app: Fix a use-after-free in flatpak_find_installed_pref()
Currently "flatpak --installation=default info ..." leads to an
assertion failure:
$ flatpak --installation=default info us.zoom.Zoom
(flatpak info:24593): GLib-GObject-CRITICAL **: 10:01:36.040: g_object_ref: assertion 'G_IS_OBJECT (object)' failed
This is because in flatpak_find_installed_pref(), we set "dir =
installation_dir" but then installation_dir is freed by g_autoptr before
we try to return dir.
Fix the problem by stealing the pointer, and doing the same for the
other places dir is set.
Closes: #3077
Approved by: alexlarsson
| -rw-r--r-- | app/flatpak-builtins-utils.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/app/flatpak-builtins-utils.c b/app/flatpak-builtins-utils.c index a9125faf..d7e7d085 100644 --- a/app/flatpak-builtins-utils.c +++ b/app/flatpak-builtins-utils.c @@ -101,9 +101,9 @@ flatpak_find_installed_pref (const char *pref, FlatpakKinds kinds, const char *d g_autofree char *arch = NULL; g_autofree char *branch = NULL; g_autoptr(GError) lookup_error = NULL; - FlatpakDir *dir = NULL; g_autofree char *ref = NULL; FlatpakKinds kind = 0; + g_autoptr(FlatpakDir) dir = NULL; g_autoptr(FlatpakDir) user_dir = NULL; g_autoptr(FlatpakDir) system_dir = NULL; g_autoptr(GPtrArray) system_dirs = NULL; @@ -123,7 +123,7 @@ flatpak_find_installed_pref (const char *pref, FlatpakKinds kinds, const char *d kinds, &kind, &lookup_error); if (ref) - dir = user_dir; + dir = g_steal_pointer (&user_dir); if (g_error_matches (lookup_error, G_IO_ERROR, G_IO_ERROR_FAILED)) { @@ -154,7 +154,7 @@ flatpak_find_installed_pref (const char *pref, FlatpakKinds kinds, const char *d &lookup_error); if (ref) { - dir = system_dir; + dir = g_object_ref (system_dir); break; } @@ -191,7 +191,7 @@ flatpak_find_installed_pref (const char *pref, FlatpakKinds kinds, const char *d &lookup_error); if (ref) { - dir = installation_dir; + dir = g_steal_pointer (&installation_dir); break; } @@ -218,7 +218,7 @@ flatpak_find_installed_pref (const char *pref, FlatpakKinds kinds, const char *d &lookup_error); if (ref) - dir = system_dir; + dir = g_steal_pointer (&system_dir); } } @@ -229,7 +229,7 @@ flatpak_find_installed_pref (const char *pref, FlatpakKinds kinds, const char *d } *out_ref = g_steal_pointer (&ref); - return g_object_ref (dir); + return g_steal_pointer (&dir); } |