diff options
-rw-r--r-- | src/gnome-desktop/gnome-desktop-thumbnail-script.c | 6 | ||||
-rw-r--r-- | src/gnome-desktop/gnome-desktop-thumbnail.c | 6 |
2 files changed, 9 insertions, 3 deletions
diff --git a/src/gnome-desktop/gnome-desktop-thumbnail-script.c b/src/gnome-desktop/gnome-desktop-thumbnail-script.c index 525766388..8e8b87653 100644 --- a/src/gnome-desktop/gnome-desktop-thumbnail-script.c +++ b/src/gnome-desktop/gnome-desktop-thumbnail-script.c @@ -343,7 +343,7 @@ setup_seccomp (GPtrArray *argv_array, {SCMP_SYS (clone), &SCMP_A0 (SCMP_CMP_MASKED_EQ, CLONE_NEWUSER, CLONE_NEWUSER)}, /* Don't allow faking input to the controlling tty (CVE-2017-5226) */ - {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)}, + {SCMP_SYS (ioctl), &SCMP_A1(SCMP_CMP_MASKED_EQ, 0xFFFFFFFFu, (int)TIOCSTI)}, }; struct @@ -565,6 +565,10 @@ add_bwrap (GPtrArray *array, } } + /* fontconfig cache if necessary */ + if (!g_str_has_prefix (FONTCONFIG_CACHE_PATH, "/usr/")) + add_args (array, "--ro-bind-try", FONTCONFIG_CACHE_PATH, FONTCONFIG_CACHE_PATH, NULL); + add_args (array, "--proc", "/proc", "--dev", "/dev", diff --git a/src/gnome-desktop/gnome-desktop-thumbnail.c b/src/gnome-desktop/gnome-desktop-thumbnail.c index f48fd461a..566fbeb84 100644 --- a/src/gnome-desktop/gnome-desktop-thumbnail.c +++ b/src/gnome-desktop/gnome-desktop-thumbnail.c @@ -967,8 +967,10 @@ get_preview_thumbnail (const char *uri, if (file_info == NULL) return NULL; - object = g_object_ref (g_file_info_get_attribute_object (file_info, - G_FILE_ATTRIBUTE_PREVIEW_ICON)); + object = g_file_info_get_attribute_object (file_info, + G_FILE_ATTRIBUTE_PREVIEW_ICON); + if (object) + g_object_ref (object); g_object_unref (file_info); if (!object) |