adam/vim
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

patch 9.0.2118: [security]: avoid double-free in get_style_font_variants

Browse Source 
Problem:  [security]: avoid double-free
Solution: Only fee plain_font, when it is not the same as bold_font

When plain_font == bold_font and bold_font is not NULL, we may end up
trying to free bold_font again, which already has been freed a few lines
above.

So only free bold_font, when the condition gui.font_can_bold is true,
which means that bold_font is not pointing to plain_font (so it needs to
be freed separately).

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt
2023-11-19 16:25:45 +01:00
parent 567cae2630
commit a5218a7330
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/gui_gtk_x11.c
View File

@ -5048,7 +5048,8 @@ get_styled_font_variants(void)
} }
pango_font_description_free(bold_font_desc); pango_font_description_free(bold_font_desc);
g_object_unref(plain_font); if (bold_font != NULL && gui.font_can_bold)
g_object_unref(plain_font);
} }
static PangoEngineShape *default_shape_engine = NULL; static PangoEngineShape *default_shape_engine = NULL;

2
src/version.c
View File

@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] = static int included_patches[] =
{ /* Add new patch number below this line */ { /* Add new patch number below this line */
/**/
2118,
/**/ /**/
2117, 2117,
/**/ /**/