gkimmulticontext: Fix crash due to leaked signal handler

The problem is caused by gtk_im_multicontext_set_slave(), which forgets
to disconnect these signal handlers:
* gtk_im_multicontext_retrieve_surrounding_cb
* gtk_im_multicontext_delete_surrounding_cb

If slave GtkImContext emits signal after GtkIMMulticontext context is
destroyed, this leads to reading freed memory, sometimes causing a crash.

Fixes: #2365

diff --git a/gtk/gtkimmulticontext.c b/gtk/gtkimmulticontext.c
index 863f8624289a9e5d5b686d12460022cd4b72c381..b7a40a1f4b47d80aebdbcd8b0b0d2f328b807131 100644 (file)
--- a/gtk/gtkimmulticontext.c
+++ b/gtk/gtkimmulticontext.c
@@ -189,6 +189,12 @@ gtk_im_multicontext_set_slave (GtkIMMulticontext *multicontext,
       g_signal_handlers_disconnect_by_func (priv->slave,
                                            gtk_im_multicontext_commit_cb,
                                            multicontext);
+      g_signal_handlers_disconnect_by_func (priv->slave,
+                                           gtk_im_multicontext_retrieve_surrounding_cb,
+                                           multicontext);
+      g_signal_handlers_disconnect_by_func (priv->slave,
+                                           gtk_im_multicontext_delete_surrounding_cb,
+                                           multicontext);
 
       g_object_unref (priv->slave);
       priv->slave = NULL;