mirror of
https://github.com/labwc/labwc.git
synced 2026-04-10 08:21:07 -04:00
img: fix UAF on Reconfigure by refcounting
Before this commit, there was a use-after-free bug on Reconfigure: - theme_finish() destroys lab_imgs for titlebar icons - For some reason, undecorate() calls _create_buffer() in scaled-img-buffer.c, which calls img_render() on a destroyed lab_img. So this commit adds wlr_buffer-like APIs: lab_img_lock(), lab_img_unlock() and lab_img_drop(). This ensures a lab_img is never destroyed until no one references it.
This commit is contained in:
tokyo4j
parent
7a6ecca804
commit
cffa7c0315
6 changed files with 42 additions and 17 deletions
|
|
@ -79,7 +79,6 @@ struct ssd {
|
|||
} title;
|
||||
|
||||
char *app_id;
|
||||
struct lab_img *icon_img;
|
||||
} state;
|
||||
|
||||
/* An invisible area around the view which allows resizing */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue