From 2aa9d7bdc78703fc9a6354d2e54f880fde96db39 Mon Sep 17 00:00:00 2001
From: Emmanuele Bassi <ebassi@linux.intel.com>
Date: Tue, 5 Jan 2010 10:55:28 +0000
Subject: [PATCH] script: Copy the JSON node in PropertyInfo

PropertyInfo should store a copy of the JsonNodes it references, so
that property_info_free() can safely dispose them, and we can reference
values across different UI definition data.

The implicit timeline parsing code is not copying the JsonNode; this
leads to a double free in some cases, which is masked by the GSlice
allocator and produces a heap corruption later on.
---
 clutter/clutter-script-parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clutter/clutter-script-parser.c b/clutter/clutter-script-parser.c
index 980d45412..a33702c7e 100644
--- a/clutter/clutter-script-parser.c
+++ b/clutter/clutter-script-parser.c
@@ -707,7 +707,7 @@ construct_timeline (ClutterScript *script,
       PropertyInfo *pinfo = g_slice_new0 (PropertyInfo);
 
       pinfo->name = g_strdelimit (g_strdup (name), G_STR_DELIMITERS, '-');
-      pinfo->node = node;
+      pinfo->node = json_node_copy (node);
 
       oinfo->properties = g_list_prepend (oinfo->properties, pinfo);
     }