From 606ec25f8b67a88388f12b548b1ad80396371b4c Mon Sep 17 00:00:00 2001
From: Sebastian Keller
Date: Thu, 25 Feb 2021 17:42:43 +0100
Subject: [PATCH] st/texture-cache: Don't overwrite existing bind images on texture reset

If the icon surface of a window got updated and its type or format no longer match what we expect, st_texture_cache_reset_texture() might overwrite the existing image in the bind with a new image, while still keeping the weak ref on the old image. Due to this the old image might trigger a st_texture_cache_on_pixbuf_notify() after the bind has already been freed by g_signal_handlers_destroy() in the bind source. While this usually would remove the weak ref, the weak ref it tries to remove is on the new image, not the old one. The call to st_texture_cache_on_pixbuf_notify() then tries to read the already free'd memory from the bind which causes the cast to G_OBJECT to fail, resulting in the crash.

Fixes https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3785
Part-of:
---
 src/st/st-texture-cache.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/st/st-texture-cache.c b/src/st/st-texture-cache.c
index 07b1166a1..b27cac4c1 100644
--- a/src/st/st-texture-cache.c
+++ b/src/st/st-texture-cache.c
@@ -776,11 +776,10 @@ st_texture_cache_reset_texture (StTextureCachePropertyBind *bind,
 if (error)
 g_warning ("Failed to allocate texture: %s", error->message);
 }
- else
- bind->image = g_object_new (ST_TYPE_IMAGE_CONTENT,
- "preferred-width", 0, /* tough luck */
- "preferred-height", 0,
- NULL);
+ else if (!bind->image)
+ {
+ bind->image = st_image_content_new_with_preferred_size (0, 0);
+ }
 }

 static void
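Review bot: The new `else if (!bind->image)` branch depends on a lifetime invariant that the code itself never states: once `bind->image` is set it must not be replaced, because (per the commit description) the weak ref is only ever removed from the current `bind->image`, so a notify from a replaced image would read the already freed bind. A comment on the branch would keep a later edit from reintroducing that use-after-free, for example `/* Never replace an existing image: the weak ref is tied to it, and swapping it would leave a notify pointing at a freed bind. */`. Separately, when the surface no longer matches and an image already exists, this branch now appears to leave the previous contents in place rather than showing an empty image; whether a stale icon is acceptable cannot be judged from here, since the body of st_texture_cache_reset_texture() starts outside the hunk.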