From 8ad3d2b29656b3af312b752c62ff68e7059fc326 Mon Sep 17 00:00:00 2001 From: Kristian Rietveld Date: Sat, 24 Sep 2011 17:32:21 -0700 Subject: [PATCH] Bug 657770 - Write to released memory in gtkdnd-quartz.c Clear the Drag paste board just before the info->context is released. This way the GtkDragSourceOwner is released just before the drag context is and thus can pasteboard:provideDataForType: not accidentally access an already released drag context --- gtk/gtkdnd-quartz.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/gtk/gtkdnd-quartz.c b/gtk/gtkdnd-quartz.c index b577bb6f10..6d4e709a94 100644 --- a/gtk/gtkdnd-quartz.c +++ b/gtk/gtkdnd-quartz.c @@ -1777,6 +1777,9 @@ gtk_drag_set_icon_default (GdkDragContext *context) static void gtk_drag_source_info_destroy (GtkDragSourceInfo *info) { + NSPasteboard *pasteboard; + NSAutoreleasePool *pool; + if (info->icon_pixbuf) g_object_unref (info->icon_pixbuf); @@ -1791,10 +1794,21 @@ gtk_drag_source_info_destroy (GtkDragSourceInfo *info) gtk_target_list_unref (info->target_list); + pool = [[NSAutoreleasePool alloc] init]; + + /* Empty the pasteboard, so that it will not accidentally access + * info->context after it has been destroyed. + */ + pasteboard = [NSPasteboard pasteboardWithName: NSDragPboard]; + [pasteboard declareTypes: nil owner: nil]; + + [pool relase]; + gtk_drag_clear_source_info (info->context); g_object_unref (info->context); g_free (info); + info = NULL; } static gboolean -- 2.30.2