summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/gnome-desktop/gnome-desktop-thumbnail-script.c6
-rw-r--r--src/gnome-desktop/gnome-desktop-thumbnail.c6
2 files changed, 9 insertions, 3 deletions
diff --git a/src/gnome-desktop/gnome-desktop-thumbnail-script.c b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
index 525766388..8e8b87653 100644
--- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c
+++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c
@@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array,
{SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)},
/* Don't allow faking input to the controlling tty (CVE-2017-5226) */
- {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)},
+ {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)},
};
struct
@@ -565,6 +565,10 @@ add_bwrap (GPtrArray *array,
}
}
+ /* fontconfig cache if necessary */
+ if (!g_str_has_prefix (FONTCONFIG_CACHE_PATH, "/usr/"))
+ add_args (array, "--ro-bind-try", FONTCONFIG_CACHE_PATH, FONTCONFIG_CACHE_PATH, NULL);
+
add_args (array,
"--proc", "/proc",
"--dev", "/dev",
diff --git a/src/gnome-desktop/gnome-desktop-thumbnail.c b/src/gnome-desktop/gnome-desktop-thumbnail.c
index f48fd461a..566fbeb84 100644
--- a/src/gnome-desktop/gnome-desktop-thumbnail.c
+++ b/src/gnome-desktop/gnome-desktop-thumbnail.c
@@ -967,8 +967,10 @@ get_preview_thumbnail (const char *uri,
if (file_info == NULL)
return NULL;
- object = g_object_ref (g_file_info_get_attribute_object (file_info,
- G_FILE_ATTRIBUTE_PREVIEW_ICON));
+ object = g_file_info_get_attribute_object (file_info,
+ G_FILE_ATTRIBUTE_PREVIEW_ICON);
+ if (object)
+ g_object_ref (object);
g_object_unref (file_info);
if (!object)