Bug 343480 - Using freed memory in overwrite confirm_overwrite_callback function
Status: RESOLVED FIXED
Product: gedit
Classification: Applications
Component: general
Version: 2.14.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Gedit maintainers
Reported: 2006-05-31 06:53 UTC by Sylvain Defresne
Modified: 2006-05-31 07:14 UTC
GNOME version: 2.13/2.14


Attachments
Only free the uri after presenting it to the user (827 bytes, patch), 2006-05-31 06:58 UTC, Sylvain Defresne, committed

Description Sylvain Defresne 2006-05-31 06:53:30 UTC
The function confirm_overwrite_callback, called when a user tries to overwrite an existing file, re-uses the uri in the popup presented when it corresponds to a read-only uri, after having freed it. This could lead to a random crash of the application (in the worst case), and generally leads to a completely gibberish dialog.

The attached patch corrects the problem by only freeing the uri after presenting the dialog.
Comment 1 Sylvain Defresne 2006-05-31 06:58:12 UTC
Created attachment 66514
Only free the uri after presenting it to the user

We only free the uri after having called the replace_read_only_file function. Care is taken in order not to leak the uri.
Comment 2 Paolo Borelli 2006-05-31 07:14:36 UTC
Nice catch! Thank you.


2006-05-31  Paolo Borelli  <pborelli@katamail.com>

	* gedit/gedit-commands-file.c (confirm_overwrite_callback): fix
	use after free. patch by Sylvain Defresne (bug #343480)
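
The ordering fix discussed in this report, as an added C example that is not gedit's code or the attached patch. All names here (uri_dup, uri_free, ask_replace_read_only, confirm_overwrite, outstanding_uris) and the sample uri are hypothetical stand-ins; the allocation counter is there to show that moving the free after the dialog does not leak on any exit path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_uris = 0;               /* outstanding uri allocations */

static char *uri_dup(const char *s) {   /* stand-in for a call returning an owned uri */
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_uris++; }
    return p;
}
static void uri_free(char *p) { if (p) { free(p); live_uris--; } }

/* Stand-in for the read-only confirmation dialog: records the text shown
 * and returns the user's answer (1 = replace anyway). */
static int ask_replace_read_only(const char *uri, char *shown, size_t n, int answer) {
    snprintf(shown, n, "The file \"%s\" is read-only.", uri);
    return answer;
}

/* Buggy order described in the report (do not use):
 *     uri_free(uri);
 *     if (read_only) ask_replace_read_only(uri, ...);   // reads freed memory
 *
 * Fixed order: the uri stays alive across the dialog and is released
 * exactly once on every exit path. Returns 1 if the overwrite proceeds. */
int confirm_overwrite(const char *path, int read_only, int answer,
                      char *shown, size_t n) {
    char *uri = uri_dup(path);
    int proceed = 1;

    if (uri == NULL || n == 0)
        { uri_free(uri); return 0; }
    shown[0] = '\0';
    if (read_only)
        proceed = ask_replace_read_only(uri, shown, n, answer);
    uri_free(uri);          /* single release point, after the last use */
    return proceed;
}

int outstanding_uris(void) { return live_uris; }

int main(void) {
    char shown[128];
    int ok = confirm_overwrite("file:///tmp/notes.txt", 1, 0, shown, sizeof shown);
    printf("%s -> proceed=%d, outstanding=%d\n", shown, ok, outstanding_uris());
    return 0;
}
```

Building with `-fsanitize=address` and temporarily swapping in the buggy order makes the sanitizer report the heap-use-after-free at the dialog call.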