From: Barnabás Pőcze Date: Sun, 8 Jan 2023 18:38:54 +0000 (+0100) Subject: a11y: Check if path is NULL when removing from cache X-Git-Tag: archive/raspbian/4.12.3+ds-1+rpi1~1^2^2^2~22^2~8^2~81^2~1 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ab5a6ed0f17d925c8e93729620ed7516093081a5;p=gtk4.git a11y: Check if path is NULL when removing from cache `gtk_at_spi_cache_add_context()` checks if the GtkAtSpiContext's path is NULL before inserting the context object into the hash table. Do the same in `gtk_at_spi_cache_remove_context()` to avoid a NULL pointer dereference in `g_str_hash()` during the hash table lookup if a context with NULL path is removed. That can happen when the GtkAtSpiRoot::base_path is NULL, which, in turn, can happen if `g_application_get_dbus_object_path()` returns NULL. ==394047==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd1966f8b84 bp 0x7fff11e3ded0 sp 0x7fff11e3de58 T0) ==394047==The signal is caused by a READ memory access. ==394047==Hint: address points to the zero page. #0 0x7fd1966f8b84 in g_str_hash (/usr/lib/libglib-2.0.so.0+0x37b84) #1 0x7fd1966f9c09 in g_hash_table_contains (/usr/lib/libglib-2.0.so.0+0x38c09) #2 0x7fd196062c10 in gtk_at_spi_cache_remove_context ../gtk/a11y/gtkatspicache.c:447 #3 0x7fd19606e0a9 in gtk_at_spi_root_unregister ../gtk/a11y/gtkatspiroot.c:653 #4 0x7fd196067f58 in gtk_at_spi_context_unrealize ../gtk/a11y/gtkatspicontext.c:1559 #5 0x7fd195ced97f in gtk_at_context_unrealize ../gtk/gtkatcontext.c:668 #6 0x7fd195f5576e in gtk_widget_unroot_at_context ../gtk/gtkwidget.c:2399 #7 0x7fd195f55bd2 in gtk_widget_unroot ../gtk/gtkwidget.c:2499 ... --- diff --git a/gtk/a11y/gtkatspicache.c b/gtk/a11y/gtkatspicache.c index 3b16f24d6f..c24d55923f 100644 --- a/gtk/a11y/gtkatspicache.c +++ b/gtk/a11y/gtkatspicache.c @@ -444,6 +444,9 @@ gtk_at_spi_cache_remove_context (GtkAtSpiCache *self, g_return_if_fail (GTK_IS_AT_SPI_CONTEXT (context)); const char *path = gtk_at_spi_context_get_context_path (context); + if (path == NULL) + return; + if (!g_hash_table_contains (self->contexts_by_path, path)) return;