You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

77 lines
2.9 KiB

diff -up atk-2.22.0/atk/atkgobjectaccessible.c.use-after-free atk-2.22.0/atk/atkgobjectaccessible.c
--- atk-2.22.0/atk/atkgobjectaccessible.c.use-after-free 2016-09-19 15:26:16.000000000 +0200
+++ atk-2.22.0/atk/atkgobjectaccessible.c 2017-05-22 19:31:40.538875766 +0200
@@ -37,7 +37,7 @@
static void atk_gobject_accessible_class_init (AtkGObjectAccessibleClass *klass);
static void atk_real_gobject_accessible_initialize (AtkObject *atk_obj,
gpointer data);
-static void atk_gobject_accessible_dispose (gpointer data);
+static void atk_gobject_accessible_object_gone_cb (gpointer data);
static GQuark quark_accessible_object = 0;
static GQuark quark_object = 0;
@@ -88,8 +88,7 @@ atk_gobject_accessible_for_object (GObje
g_return_val_if_fail (G_IS_OBJECT (obj), NULL);
/* See if we have a cached accessible for this object */
- accessible = g_object_get_qdata (obj,
- quark_accessible_object);
+ accessible = quark_accessible_object ? g_object_get_qdata (obj, quark_accessible_object) : NULL;
if (!accessible)
{
@@ -146,12 +145,12 @@ atk_real_gobject_accessible_initialize (
atk_obj->layer = ATK_LAYER_WIDGET;
g_object_weak_ref (data,
- (GWeakNotify) atk_gobject_accessible_dispose,
+ (GWeakNotify) atk_gobject_accessible_object_gone_cb,
atk_gobj);
}
static void
-atk_gobject_accessible_dispose (gpointer data)
+atk_gobject_accessible_object_gone_cb (gpointer data)
{
GObject *object;
@@ -168,9 +167,29 @@ atk_gobject_accessible_dispose (gpointer
}
static void
+atk_gobject_accessible_dispose (GObject *atk_obj)
+{
+ GObject *obj = atk_gobject_accessible_get_object (ATK_GOBJECT_ACCESSIBLE (atk_obj));
+
+ if (obj) {
+ g_object_set_qdata (obj, quark_accessible_object, NULL);
+ g_object_weak_unref (obj,
+ (GWeakNotify) atk_gobject_accessible_object_gone_cb,
+ atk_obj);
+
+ g_object_set_qdata (atk_obj, quark_object, NULL);
+ atk_object_notify_state_change (ATK_OBJECT (atk_obj), ATK_STATE_DEFUNCT,
+ TRUE);
+ }
+
+ G_OBJECT_CLASS (parent_class)->dispose (atk_obj);
+}
+
+static void
atk_gobject_accessible_class_init (AtkGObjectAccessibleClass *klass)
{
AtkObjectClass *class;
+ GObjectClass *object_class;
class = ATK_OBJECT_CLASS (klass);
@@ -178,6 +197,9 @@ atk_gobject_accessible_class_init (AtkGO
class->initialize = atk_real_gobject_accessible_initialize;
+ object_class = G_OBJECT_CLASS (klass);
+ object_class->dispose = atk_gobject_accessible_dispose;
+
if (!quark_accessible_object)
quark_accessible_object = g_quark_from_static_string ("accessible-object");
quark_object = g_quark_from_static_string ("object-for-accessible");