psppire-cell-renderer-button: Avoid use-after-free with popup dialog.

When gtk_button_clicked() on a PsppireCellRendererButton causes a
modal dialog to pop up, psppire_cell_renderer_button_initial_click()
only returns from gtk_button_clicked() after the button has already
been destroyed, which causes the g_object_steal_data() call to
remove the IDLE_ID_STRING to access freed memory.  This commit fixes
the problem by calling g_object_steal_data() before
gtk_button_clicked().

diff --git a/src/ui/gui/psppire-cell-renderer-button.c b/src/ui/gui/psppire-cell-renderer-button.c
index ac90984a3d233c35823a86dfde80f2d6e92481d4..978908e01f6fd8ced6da4095710399bbed448556 100644 (file)
--- a/src/ui/gui/psppire-cell-renderer-button.c
+++ b/src/ui/gui/psppire-cell-renderer-button.c
@@ -318,8 +318,8 @@ psppire_cell_renderer_button_initial_click (gpointer data)
 {
   GtkButton *button = data;
 
-  gtk_button_clicked (button);
   g_object_steal_data (G_OBJECT (button), IDLE_ID_STRING);
+  gtk_button_clicked (button);
   return FALSE;
 }