brl/mutter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

keybindings: fix invalid read after a keybinding is removed

Browse Source 
The handler pointer is dangling in MetaKeyBinding until
rebuild_key_binding_table() is run, so we can't dereference it.
Because we only need the flags at ungrab time, store a copy
in the MetaKeyBinding structure.

https://bugzilla.gnome.org/show_bug.cgi?id=724402
This commit is contained in:
Giovanni Campagna 2014-02-26 00:47:11 +01:00
parent d85845426c
commit ac0c7df4a3
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/core/keybindings-private.h
View File

@ -47,6 +47,7 @@ struct _MetaKeyBinding
KeyCode keycode;
unsigned int mask;
MetaVirtualModifier modifiers;
gint flags;
MetaKeyHandler *handler;
};

5
src/core/keybindings.c
View File

@ -603,6 +603,7 @@ rebuild_binding_table (MetaDisplay *display,
(*bindings_p)[i].name = pref->name;
(*bindings_p)[i].handler = handler;
(*bindings_p)[i].flags = handler->flags;
(*bindings_p)[i].keysym = combo->keysym;
(*bindings_p)[i].keycode = combo->keycode;
(*bindings_p)[i].modifiers = combo->modifiers;
@ -619,6 +620,7 @@ rebuild_binding_table (MetaDisplay *display,
(*bindings_p)[i].name = pref->name;
(*bindings_p)[i].handler = handler;
(*bindings_p)[i].flags = handler->flags;
(*bindings_p)[i].keysym = combo->keysym;
(*bindings_p)[i].keycode = combo->keycode;
(*bindings_p)[i].modifiers = combo->modifiers |
@ -645,6 +647,7 @@ rebuild_binding_table (MetaDisplay *display,
(*bindings_p)[i].name = grab->name;
(*bindings_p)[i].handler = handler;
(*bindings_p)[i].flags = handler->flags;
(*bindings_p)[i].keysym = grab->combo->keysym;
(*bindings_p)[i].keycode = grab->combo->keycode;
(*bindings_p)[i].modifiers = grab->combo->modifiers;
@ -1160,7 +1163,7 @@ change_binding_keygrabs (MetaKeyBinding *bindings,
while (i < n_bindings)
{
if (!!binding_per_window ==
!!(bindings[i].handler->flags & META_KEY_BINDING_PER_WINDOW) &&
!!(bindings[i].flags & META_KEY_BINDING_PER_WINDOW) &&
bindings[i].keycode != 0)
{
meta_change_keygrab (display, xwindow, grab,