st/texture-cache: Don't overwrite existing bind images on texture reset

If the icon surface of a window got updated and its type or format no longer match what we expect, st_texture_cache_reset_texture() might overwrite the existing image in the bind with a new image, while still keeping the weak ref on the old image. Due to this the old image might trigger a st_texture_cache_on_pixbuf_notify() after the bind has already been freed by g_signal_handlers_destroy() in the bind source. While this usually would remove the weak ref, the weak ref it tries to remove is on the new image, not the old one. The call to st_texture_cache_on_pixbuf_notify() then tries to read the already free'd memory from the bind which causes the cast to G_OBJECT to fail, resulting in the crash. Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3785 Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1718>
2021-02-25 17:42:43 +01:00 · 2021-02-25 17:42:43 +01:00 · 606ec25f8b
commit 606ec25f8b
parent f6cfefa0be
1 changed files with 4 additions and 5 deletions
--- a/src/st/st-texture-cache.c
+++ b/src/st/st-texture-cache.c
@ -776,11 +776,10 @@ st_texture_cache_reset_texture (StTextureCachePropertyBind *bind,
      if (error)
        g_warning ("Failed to allocate texture: %s", error->message);
    }
-  else
-    bind->image = g_object_new (ST_TYPE_IMAGE_CONTENT,
-                                "preferred-width", 0, /* tough luck */
-                                "preferred-height", 0,
-                                NULL);
+  else if (!bind->image)
+    {
+      bind->image = st_image_content_new_with_preferred_size (0, 0);
+    }
 }

 static void