From 21e5396bf5d6fe6101bb1c773632e8722fe2f3bb Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Mon, 31 Oct 2022 10:57:40 +0100
Subject: [PATCH] event-editor: Fix possible use-after-free of recurrence until
 date

The GcalDateSelector returns a pointer to its internal instance, while the
'until' date/time is meant to be an owned reference, which is freed by the
GcalRecurrence instance in its free function. That means the 'until' date/time
must be reffed when it is assigned into the GcalRecurrence structure.

Closes https://gitlab.gnome.org/GNOME/gnome-calendar/-/issues/892
---
 src/gui/event-editor/gcal-schedule-section.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/gui/event-editor/gcal-schedule-section.c b/src/gui/event-editor/gcal-schedule-section.c
index 2aed8e30..6a051909 100644
--- a/src/gui/event-editor/gcal-schedule-section.c
+++ b/src/gui/event-editor/gcal-schedule-section.c
@@ -616,7 +616,7 @@ gcal_schedule_section_apply (GcalEventEditorSection *section)
       recur->limit_type = gtk_combo_box_get_active (GTK_COMBO_BOX (self->repeat_duration_combo));
 
       if (recur->limit_type == GCAL_RECURRENCE_UNTIL)
-        recur->limit.until = gcal_date_selector_get_date (GCAL_DATE_SELECTOR (self->until_date_selector));
+        recur->limit.until = g_date_time_ref (gcal_date_selector_get_date (GCAL_DATE_SELECTOR (self->until_date_selector)));
       else if (recur->limit_type == GCAL_RECURRENCE_COUNT)
         recur->limit.count = gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (self->number_of_occurrences_spin));
 
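Review bot: The added line in gcal_schedule_section_apply passes the result of `gcal_date_selector_get_date()` straight into `g_date_time_ref()`, so a NULL from the selector would trip GLib's precondition check, log a critical and leave `limit.until` NULL while `limit_type` still says GCAL_RECURRENCE_UNTIL. Whether the selector can return NULL is not visible in this hunk; if it can, take the date into a local first, e.g. `GDateTime *until = gcal_date_selector_get_date (GCAL_DATE_SELECTOR (self->until_date_selector));` followed by `recur->limit.until = until ? g_date_time_ref (until) : NULL;`, and decide what limit type to store in the NULL case. The same applies to the added line in gcal_schedule_section_recurrence_changed. Both function bodies continue outside their hunks.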
@@ -821,7 +821,7 @@ gcal_schedule_section_recurrence_changed (GcalScheduleSection *self)
   recurrence->frequency = gtk_combo_box_get_active (GTK_COMBO_BOX (self->repeat_combo));
   recurrence->limit_type = gtk_combo_box_get_active (GTK_COMBO_BOX (self->repeat_duration_combo));
   if (recurrence->limit_type == GCAL_RECURRENCE_UNTIL)
-    recurrence->limit.until = gcal_date_selector_get_date (GCAL_DATE_SELECTOR (self->until_date_selector));
+    recurrence->limit.until = g_date_time_ref (gcal_date_selector_get_date (GCAL_DATE_SELECTOR (self->until_date_selector)));
   else if (recurrence->limit_type == GCAL_RECURRENCE_COUNT)
     recurrence->limit.count = gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (self->number_of_occurrences_spin));
 
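Review bot: The limit-reading branch in gcal_schedule_section_recurrence_changed is a copy of the one in gcal_schedule_section_apply, which is why the missing reference had to be fixed in two places. Moving the `limit_type` / `limit.until` / `limit.count` assignment into one static helper that takes the section and the recurrence would keep the ownership rule in a single spot. A short comment there, such as `/* the selector owns its GDateTime; the recurrence takes its own reference */`, would stop a later edit from dropping the ref again. The rest of both functions is outside the visible hunks, so any differences in how the recurrence is created or consumed should be checked before merging the two paths.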
-- 
GitLab