IntenseFinance/gnucash
3
0
Fork 0
mirror of https://github.com/Gnucash/gnucash.git synced 2025-02-25 18:55:30 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix use-after-free crash in gnc_set_busy_cursor.

Browse Source
This commit is contained in:
John Ralls
2022-08-29 12:47:38 -07:00
parent 70abdbd1ae
commit 0d0ab002f5
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gnucash/gnome-utils/cursors.c
View File

@@ -83,9 +83,16 @@ gnc_set_busy_cursor (GtkWidget *w, gboolean update_now)
gnc_ui_set_cursor (gtk_widget_get_window(w), GNC_CURSOR_BUSY, update_now);
else
{
GList *containerstop, *node;
/* gnc_ui_set_cursor runs the event loop and if there's an
* idle waiting that destroys a toplevel further down the list
* then we'll get a use after free crash unless we have our
* own reference, so take a reference to all of the toplevels
* and release them all after the loop finishes.
*/
GList *containerstop = gtk_window_list_toplevels (), *node;
g_list_foreach (containerstop, (GFunc)g_object_ref, NULL);
for (containerstop = node = gtk_window_list_toplevels (); node; node = node->next)
for (node = containerstop; node; node = node->next)
{
w = node->data;
@@ -94,7 +101,7 @@ gnc_set_busy_cursor (GtkWidget *w, gboolean update_now)
gnc_ui_set_cursor (gtk_widget_get_window(w), GNC_CURSOR_BUSY, update_now);
}
g_list_free (containerstop);
g_list_free_full (containerstop, (GDestroyNotify)g_object_unref);
}
}