From 46510f46c169c5d5d1f13bcb2e1ff2aa9fffe05f Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Sun, 19 Aug 2012 13:18:56 -0700
Subject: [PATCH] psppire-cell-renderer-button: Avoid use-after-free with popup dialog.

When gtk_button_clicked() on a PsppireCellRendererButton causes a modal dialog to pop up, psppire_cell_renderer_button_initial_click() only returns from gtk_button_clicked() after the button has already been destroyed, which causes the g_object_steal_data() call to remove the IDLE_ID_STRING to access freed memory. This commit fixes the problem by calling g_object_steal_data() before gtk_button_clicked().
---
 src/ui/gui/psppire-cell-renderer-button.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ui/gui/psppire-cell-renderer-button.c b/src/ui/gui/psppire-cell-renderer-button.c
index ac90984a3d..978908e01f 100644
--- a/src/ui/gui/psppire-cell-renderer-button.c
+++ b/src/ui/gui/psppire-cell-renderer-button.c
@@ -318,8 +318,8 @@ psppire_cell_renderer_button_initial_click (gpointer data)
 {
 GtkButton *button = data;
- gtk_button_clicked (button);
 g_object_steal_data (G_OBJECT (button), IDLE_ID_STRING);
+ gtk_button_clicked (button);
 return FALSE;
 }
--
2.30.2
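Review bot: The ordering that fixes the use-after-free is not documented in psppire_cell_renderer_button_initial_click(), so a later cleanup could move the two calls back or add another access to `button` after `gtk_button_clicked (button)` and reintroduce the bug. I would add a comment above the steal call, for example `/* Must come first: gtk_button_clicked() may run a modal dialog and destroy BUTTON before it returns. */`. It would also help to state in that comment that `button` must be treated as invalid once `gtk_button_clicked()` has been called. Whether other idle or signal callbacks in this file touch the widget after emitting a click is not visible in this hunk and may deserve the same check.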