Commit

codenav: Fix use-after-free in cached completion model
Add a reference when saving the completion model in the old_model var.
Otherwise, when the entry field is destroyed the attached model's
refcount drops to 0 and it's deallocated, resulting in a use-after-free
when attempting to recover it in the next invocation.
gkatev committed Apr 26, 2024
1 parent a8f26ab commit adaceb6
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions codenav/src/goto_file.c
Expand Up @@ -163,8 +163,11 @@ directory_check(GtkEntry* entry, GtkEntryCompletion* completion)
if (old_model != NULL)
{ /* Restore the no-sub-directory model */
log_debug("Restoring old model!");

gtk_entry_completion_set_model (completion, old_model);
g_object_unref(old_model);
old_model = NULL;

g_free(curr_dir);
curr_dir = NULL;
}
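Review bot: in the restore branch, the added g_object_unref(old_model) followed by old_model = NULL can be written as a single g_clear_object(&old_model), which drops the reference and clears the pointer in one step so the two cannot drift apart in a later edit. The ordering is correct as written: the unref happens after gtk_entry_completion_set_model(), which takes its own reference on the model. This branch is the only release visible in the diff, so please confirm that a model saved by the later hunk is also released if the entry is destroyed before a restore happens; otherwise the reference added by this commit is never dropped.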
Expand All @@ -185,7 +188,10 @@ directory_check(GtkEntry* entry, GtkEntryCompletion* completion)

/* Save the completion_mode for future restore. */
if (old_model == NULL)
{
old_model = gtk_entry_completion_get_model(completion);
g_object_ref(old_model);
}

log_debug("New completion list!");

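Review bot: the g_object_ref(old_model) inside the if (old_model == NULL) block runs without checking the result of gtk_entry_completion_get_model(), which returns NULL when the completion has no model set; g_object_ref(NULL) then emits a GLib critical. Guard the call, for example with if (old_model != NULL) g_object_ref(old_model);, or state in the comment above the block that a model is always attached at this point. That comment also still says "completion_mode" where the model is meant.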