From acd6f57e2121edcb6625ff02042e8c5b799b9d98 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@igalia.com>
Date: Sun, 21 Jul 2019 13:38:40 -0500
Subject: [PATCH] Don't leave dangling pointers in the GcalEvent cache
The cache has an unowned pointer to the GcalEvent's UID. We need to
update the cache with the GcalEvent's new UID to avoid use-after-free.
Fixes #434
---
 src/gcal-event.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
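--- a/src/gcal-event.c
+++ b/src/gcal-event.c
@@ -259,13 +259,19 @@ gcal_event_update_uid_internal (GcalEvent *self)
 {
   ECalComponentId *id;
   const gchar *source_id;
+  gboolean should_update_cache = FALSE;
 
   /* Setup event uid */
   source_id = self->source ? e_source_get_uid (self->source) : "";
   id = e_cal_component_get_id (self->component);
 
-  /* Clear the previous uid */
-  g_clear_pointer (&self->uid, g_free);
+  if (self->uid != NULL)
+    {
+      should_update_cache = TRUE;
+      g_debug ("Removing '%s' (%p) from cache", self->uid, self);
+      g_hash_table_remove (event_cache, self->uid);
+      g_free (self->uid);
+    }
 
   if (id->rid != NULL)
     {
@@ -281,6 +287,12 @@ gcal_event_update_uid_internal (GcalEvent *self)
                                    id->uid);
     }
 
+  if (should_update_cache)
+    {
+      g_debug ("Adding %s to the cache", self->uid);
+      g_hash_table_insert (event_cache, self->uid, self);
+    }
+
   e_cal_component_free_id (id);
   g_object_notify_by_pspec (G_OBJECT (self), properties[PROP_UID]);
 }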
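Review bot: `should_update_cache` is set from `self->uid != NULL`, not from whether this event is the value stored under that key, so the removal in the first hunk drops whichever GcalEvent is cached under the old UID and the second hunk then inserts `self` even if it was never cached. Deriving the flag from the table, e.g. `should_update_cache = g_hash_table_lookup (event_cache, self->uid) == self;`, and removing only in that case would keep the cache and its unowned key pointers consistent. In the second hunk, `g_hash_table_insert` keeps the existing key when the new UID is already present, so the entry would hold `self` under a key string owned by a different event; `g_hash_table_replace (event_cache, self->uid, self);` stores the new key instead, presuming `event_cache` is created without a key destroy function, which is not visible here. The branch that builds the new UID lies between the two hunks and is only partly shown.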
-- 
2.21.0