GNOME Bugzilla – Bug 630494
The Vimeo plugin accesses freed memory during searches
Last modified: 2010-09-24 15:02:57 UTC
Created attachment 171004
Fix freed memory access in the search callback of the Vimeo plugin

When the search callback is called on the last result, it frees the search specification. This is still accessed beyond the callback in the vimeo search callback though. The attached patch changes the logic slightly to avoid accessing this memory after it's been freed.
Review of attachment 171004:

::: src/vimeo/grl-vimeo.c @@ +296,2 @@ { + sd->ss->count = count;

Surely the value of sd->ss->count should be updated to count before the if check? Otherwise this might change behaviour (since it won't be updated to zero in the case of count being zero?)
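Review bot: in src/vimeo/grl-vimeo.c at +296 the store `sd->ss->count = count;` still dereferences `sd->ss`, which the bug description says the callback frees on the last result, so it needs to be ordered before the callback invocation on every path. A short comment at that store noting that the callback may free `sd->ss` would keep a later change from moving an access back behind the call.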
Created attachment 171015
Fix freed memory access in the search callback of the Vimeo plugin

Updated patch that's functionally equivalent to the code it replaced.
commit 619160f344bbc355f3bed535aef43c800bb0db82
Author: Chris Lord
Date: Fri Sep 24 11:24:46 2010 +0100

    vimeo: Fix accessing of freed memory during searches

    When the callback in the search-data is called and there are no more
    results left, the callback frees the related data. This data is accessed
    beyond the callback though, so this needs to be guarded against.

    https://bugzilla.gnome.org/show_bug.cgi?id=630494
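The pattern this bug describes, as an added example that is not code from grl-vimeo.c or from the attached patches: a callback that frees the search spec on the last result, and an emitter that keeps its counter in a local so nothing reads the spec after that call. `SearchSpec`, `ResultCb`, `on_result`, `emit_results`, `run_demo` and `NO_ITEM` are hypothetical names, and the item list is constructed.

```c
#include <stdlib.h>
/* Hypothetical stand-ins for the plugin's types; not taken from grl-vimeo.c. */
#define NO_ITEM (-1)
typedef struct SearchSpec SearchSpec;
typedef void (*ResultCb)(SearchSpec *ss, int item, unsigned remaining);
struct SearchSpec {
    unsigned count;    /* results still to deliver */
    ResultCb callback; /* frees ss when called with remaining == 0 */
    int *delivered;    /* caller-owned counter that outlives ss */
};

/* Consumer side: releases the spec on the last result. */
static void on_result(SearchSpec *ss, int item, unsigned remaining)
{
    if (item != NO_ITEM)
        (*ss->delivered)++;
    if (remaining == 0)
        free(ss); /* ss dangles for the emitter from here on */
}

/* Unsafe shape: call the callback, then update or test ss->count, which
 * touches freed memory after the final call. Guarded shape below: count is
 * a local, stored to ss before each call, and ss is never read afterwards. */
static unsigned emit_results(SearchSpec *ss, const int *items, unsigned n_items)
{
    unsigned count = ss->count < n_items ? ss->count : n_items;
    ResultCb cb = ss->callback; /* copied while ss is still valid */
    unsigned emitted = 0;
    if (count == 0)
        cb(ss, NO_ITEM, 0);     /* empty search still ends the operation */
    while (count > 0) {         /* loop test reads only the local */
        ss->count = --count;    /* last write to ss precedes the call */
        cb(ss, items[emitted++], count);
    }
    return emitted;
}

/* Constructed driver: returns how many results the callback received. */
static int run_demo(unsigned wanted)
{
    static const int items[] = {10, 20, 30, 40, 50}; /* constructed sample */
    int delivered = 0;
    SearchSpec *ss = malloc(sizeof *ss);
    if (ss == NULL) return -1;
    ss->count = wanted; ss->callback = on_result; ss->delivered = &delivered;
    emit_results(ss, items, 5);
    return delivered;
}
int main(void) { return run_demo(3) == 3 ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) is a quick way to confirm that no access to the spec follows the final callback.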