main/xfdesktop/0001-fix-use-after-free-in-xfdesktop_regular_file_icon_pe.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

From 7669f5b3bc23658ac4f339fd288d8e8f9f30419e Mon Sep 17 00:00:00 2001
From: Stefan Seyfried <seife+obs@b1-systems.com>
Date: Wed, 27 Jun 2012 09:42:55 +0200
Subject: [PATCH] fix use-after-free in
 xfdesktop_regular_file_icon_peek_tooltip

xfce_rc_close() actually free()s "comment", so it needs to come after
we have strdup()ed its contents, not before.
This was introduced in commit 2fac2c92 (fix for bug 8509)
Fixes bug 9059.
---
 src/xfdesktop-regular-file-icon.c |   25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/src/xfdesktop-regular-file-icon.c b/src/xfdesktop-regular-file-icon.c
index ff5d074..6e4b71d 100644
--- a/src/xfdesktop-regular-file-icon.c
+++ b/src/xfdesktop-regular-file-icon.c
@@ -552,6 +552,10 @@ xfdesktop_regular_file_icon_peek_tooltip(XfdesktopIcon *icon)
                                                  G_FILE_ATTRIBUTE_TIME_MODIFIED);
         time_string = xfdesktop_file_utils_format_time_for_display(mtime);
 
+        regular_file_icon->priv->tooltip =
+            g_strdup_printf(_("Type: %s\nSize: %s\nLast modified: %s"),
+                            description, size_string, time_string);
+
         /* Extract the Comment entry from the .desktop file */
         if(is_desktop_file)
         {
@@ -563,23 +567,18 @@ xfdesktop_regular_file_icon_peek_tooltip(XfdesktopIcon *icon)
                 xfce_rc_set_group(rcfile, "Desktop Entry");
                 comment = xfce_rc_read_entry(rcfile, "Comment", NULL);
             }
+            /* Prepend the comment to the tooltip */
+            if(comment != NULL) {
+                gchar *tooltip = regular_file_icon->priv->tooltip;
+                regular_file_icon->priv->tooltip = g_strdup_printf("%s\n%s",
+                                                                   comment,
+                                                                   tooltip);
+                g_free(tooltip);
+            }
 
             xfce_rc_close(rcfile);
         }
 
-        regular_file_icon->priv->tooltip =
-            g_strdup_printf(_("Type: %s\nSize: %s\nLast modified: %s"),
-                            description, size_string, time_string);
-
-        /* Prepend the comment to the tooltip */
-        if(is_desktop_file && comment != NULL) {
-            gchar *tooltip = regular_file_icon->priv->tooltip;
-            regular_file_icon->priv->tooltip = g_strdup_printf("%s\n%s",
-                                                               comment,
-                                                               tooltip);
-            g_free(tooltip);
-        }
-
         g_free(time_string);
         g_free(size_string);
         g_free(description);
-- 
1.7.10.4