Skip to content

Commit

Permalink
Fix gvdb_table_write_contents_async()
Browse files Browse the repository at this point in the history
It worked when I first wrote it, but I broke it during the late stages
of code review. str is already freed here, so this is a use-after-free
vulnerability for starters. It also causes the file saved to be always
empty.
  • Loading branch information
mcatanzaro committed Jun 27, 2019
1 parent f586fa0 commit d83587b
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion gvdb-builder.c
Original file line number Diff line number Diff line change
Expand Up @@ -608,7 +608,9 @@ gvdb_table_write_contents_async (GHashTable *table,
g_task_set_task_data (task, data, (GDestroyNotify)write_contents_data_free);
g_task_set_source_tag (task, gvdb_table_write_contents_async);

g_file_replace_contents_async (file, str->str, str->len,
g_file_replace_contents_async (file,
g_bytes_get_data (bytes, NULL),
g_bytes_get_size (bytes),
NULL, FALSE,
G_FILE_CREATE_PRIVATE | G_FILE_CREATE_REPLACE_DESTINATION,
cancellable, replace_contents_cb, g_steal_pointer (&task));
Expand Down

0 comments on commit d83587b

Please sign in to comment.