mirror of
https://github.com/brl/mutter.git
synced 2024-12-25 04:22:05 +00:00
keybindings: fix invalid read after a keybinding is removed
The handler pointer is dangling in MetaKeyBinding until rebuild_key_binding_table() is run, so we can't dereference it. Because we only need the flags at ungrab time, store a copy in the MetaKeyBinding structure. https://bugzilla.gnome.org/show_bug.cgi?id=724402
This commit is contained in:
parent
1e01a55cdc
commit
682d6f9ee2
@ -47,6 +47,7 @@ struct _MetaKeyBinding
|
|||||||
KeyCode keycode;
|
KeyCode keycode;
|
||||||
unsigned int mask;
|
unsigned int mask;
|
||||||
MetaVirtualModifier modifiers;
|
MetaVirtualModifier modifiers;
|
||||||
|
gint flags;
|
||||||
MetaKeyHandler *handler;
|
MetaKeyHandler *handler;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -607,6 +607,7 @@ rebuild_binding_table (MetaDisplay *display,
|
|||||||
|
|
||||||
(*bindings_p)[i].name = pref->name;
|
(*bindings_p)[i].name = pref->name;
|
||||||
(*bindings_p)[i].handler = handler;
|
(*bindings_p)[i].handler = handler;
|
||||||
|
(*bindings_p)[i].flags = handler->flags;
|
||||||
(*bindings_p)[i].keysym = combo->keysym;
|
(*bindings_p)[i].keysym = combo->keysym;
|
||||||
(*bindings_p)[i].keycode = combo->keycode;
|
(*bindings_p)[i].keycode = combo->keycode;
|
||||||
(*bindings_p)[i].modifiers = combo->modifiers;
|
(*bindings_p)[i].modifiers = combo->modifiers;
|
||||||
@ -623,6 +624,7 @@ rebuild_binding_table (MetaDisplay *display,
|
|||||||
|
|
||||||
(*bindings_p)[i].name = pref->name;
|
(*bindings_p)[i].name = pref->name;
|
||||||
(*bindings_p)[i].handler = handler;
|
(*bindings_p)[i].handler = handler;
|
||||||
|
(*bindings_p)[i].flags = handler->flags;
|
||||||
(*bindings_p)[i].keysym = combo->keysym;
|
(*bindings_p)[i].keysym = combo->keysym;
|
||||||
(*bindings_p)[i].keycode = combo->keycode;
|
(*bindings_p)[i].keycode = combo->keycode;
|
||||||
(*bindings_p)[i].modifiers = combo->modifiers |
|
(*bindings_p)[i].modifiers = combo->modifiers |
|
||||||
@ -649,6 +651,7 @@ rebuild_binding_table (MetaDisplay *display,
|
|||||||
|
|
||||||
(*bindings_p)[i].name = grab->name;
|
(*bindings_p)[i].name = grab->name;
|
||||||
(*bindings_p)[i].handler = handler;
|
(*bindings_p)[i].handler = handler;
|
||||||
|
(*bindings_p)[i].flags = handler->flags;
|
||||||
(*bindings_p)[i].keysym = grab->combo->keysym;
|
(*bindings_p)[i].keysym = grab->combo->keysym;
|
||||||
(*bindings_p)[i].keycode = grab->combo->keycode;
|
(*bindings_p)[i].keycode = grab->combo->keycode;
|
||||||
(*bindings_p)[i].modifiers = grab->combo->modifiers;
|
(*bindings_p)[i].modifiers = grab->combo->modifiers;
|
||||||
@ -1164,7 +1167,7 @@ change_binding_keygrabs (MetaKeyBinding *bindings,
|
|||||||
while (i < n_bindings)
|
while (i < n_bindings)
|
||||||
{
|
{
|
||||||
if (!!binding_per_window ==
|
if (!!binding_per_window ==
|
||||||
!!(bindings[i].handler->flags & META_KEY_BINDING_PER_WINDOW) &&
|
!!(bindings[i].flags & META_KEY_BINDING_PER_WINDOW) &&
|
||||||
bindings[i].keycode != 0)
|
bindings[i].keycode != 0)
|
||||||
{
|
{
|
||||||
meta_change_keygrab (display, xwindow, grab,
|
meta_change_keygrab (display, xwindow, grab,
|
||||||
|
Loading…
Reference in New Issue
Block a user