aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/gtk2-harden-list-store.patch
blob: f49dc3bc772e7eddde943681b900f5b8eed321c2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Backport the implementation of gtk_list_store_iter_is_valid from gtk+-3.

Index: gtk+-2.24.33/gtk/gtkliststore.c
===================================================================
--- gtk+-2.24.33.orig/gtk/gtkliststore.c
+++ gtk+-2.24.33/gtk/gtkliststore.c
@@ -1195,16 +1195,31 @@ gboolean
 gtk_list_store_iter_is_valid (GtkListStore *list_store,
                               GtkTreeIter  *iter)
 {
+  GSequenceIter *seq_iter;
+
   g_return_val_if_fail (GTK_IS_LIST_STORE (list_store), FALSE);
   g_return_val_if_fail (iter != NULL, FALSE);
 
-  if (!VALID_ITER (iter, list_store))
-    return FALSE;
+  /* can't use VALID_ITER() here, because iter might point
+   * to random memory.
+   *
+   * We MUST NOT dereference it.
+   */
 
-  if (g_sequence_iter_get_sequence (iter->user_data) != list_store->seq)
+  if (iter == NULL ||
+      iter->user_data == NULL ||
+      list_store->stamp != iter->stamp)
     return FALSE;
 
-  return TRUE;
+  for (seq_iter = g_sequence_get_begin_iter (list_store->seq);
+       !g_sequence_iter_is_end (seq_iter);
+       seq_iter = g_sequence_iter_next (seq_iter))
+    {
+      if (seq_iter == iter->user_data)
+        return TRUE;
+    }
+
+  return FALSE;
 }
 
 static gboolean real_gtk_list_store_row_draggable (GtkTreeDragSource *drag_source,