[Libreoffice-commits] core.git: vcl/unx

Caolán McNamara (via logerrit) logerrit at kemper.freedesktop.org
Tue May 28 14:13:02 UTC 2019 

 vcl/unx/gtk3/gtk3gtkinst.cxx |   18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

New commits:
commit ee2a9436dc9b4586e993062a2f85b105d8c16b25
Author:     Caolán McNamara <caolanm at redhat.com>
AuthorDate: Tue May 28 11:21:15 2019 +0100
Commit:     Caolán McNamara <caolanm at redhat.com>
CommitDate: Tue May 28 16:12:07 2019 +0200

    use after free in GtkInstanceWidget::signal_focus_in
    
    https://gerrit.libreoffice.org/#/c/71829/
    
    Change-Id: Ia98de7da7182ae35cbd83fdede89f3955ca45ece
    Reviewed-on: https://gerrit.libreoffice.org/73092
    Reviewed-by: Stephan Bergmann <sbergman at redhat.com>
    Reviewed-by: Caolán McNamara <caolanm at redhat.com>
    Tested-by: Caolán McNamara <caolanm at redhat.com>

diff --git a/vcl/unx/gtk3/gtk3gtkinst.cxx b/vcl/unx/gtk3/gtk3gtkinst.cxx
index 6e3069600dd1..afe19b113919 100644
--- a/vcl/unx/gtk3/gtk3gtkinst.cxx
+++ b/vcl/unx/gtk3/gtk3gtkinst.cxx
@@ -1259,13 +1259,20 @@ protected:
 
     DECL_LINK(async_signal_focus_in, void*, void);
 
-    static gboolean signalFocusIn(GtkWidget*, GdkEvent*, gpointer widget)
+    void launch_signal_focus_in()
     {
-        GtkInstanceWidget* pThis = static_cast<GtkInstanceWidget*>(widget);
         // in e.g. function wizard RefEdits we want to select all when we get focus
         // but there are pending gtk handlers which change selection after our handler
         // post our focus in event to happen after those finish
-        Application::PostUserEvent(LINK(pThis, GtkInstanceWidget, async_signal_focus_in));
+        if (m_pFocusEvent)
+            Application::RemoveUserEvent(m_pFocusEvent);
+        m_pFocusEvent = Application::PostUserEvent(LINK(this, GtkInstanceWidget, async_signal_focus_in));
+    }
+
+    static gboolean signalFocusIn(GtkWidget*, GdkEvent*, gpointer widget)
+    {
+        GtkInstanceWidget* pThis = static_cast<GtkInstanceWidget*>(widget);
+        pThis->launch_signal_focus_in();
         return false;
     }
 
@@ -1381,6 +1388,7 @@ private:
     bool m_bDraggedOver;
     sal_uInt16 m_nLastMouseButton;
     sal_uInt16 m_nLastMouseClicks;
+    ImplSVEvent* m_pFocusEvent;
     gulong m_nFocusInSignalId;
     gulong m_nMnemonicActivateSignalId;
     gulong m_nFocusOutSignalId;
@@ -1582,6 +1590,7 @@ public:
         , m_bDraggedOver(false)
         , m_nLastMouseButton(0)
         , m_nLastMouseClicks(0)
+        , m_pFocusEvent(nullptr)
         , m_nFocusInSignalId(0)
         , m_nMnemonicActivateSignalId(0)
         , m_nFocusOutSignalId(0)
@@ -2070,6 +2079,8 @@ public:
 
     virtual ~GtkInstanceWidget() override
     {
+        if (m_pFocusEvent)
+            Application::RemoveUserEvent(m_pFocusEvent);
         if (m_nDragMotionSignalId)
             g_signal_handler_disconnect(m_pWidget, m_nDragMotionSignalId);
         if (m_nDragDropSignalId)
@@ -2157,6 +2168,7 @@ public:
 
 IMPL_LINK_NOARG(GtkInstanceWidget, async_signal_focus_in, void*, void)
 {
+    m_pFocusEvent = nullptr;
     signal_focus_in();
 }

More information about the Libreoffice-commits mailing list