5cfbe2528c
Inside the "if (clutter_actor_has_accessible (actor))" condition, the 'atk_child' variable is set and a signal is emitted on it. There is a classic ref/unref dance around the signal to guarantee that 'atk_child' won't be destroyed.

However, this ref/unref dance doesn't work, because the unref is done *before* the 'atk_child' variable is used again. So if this was the last reference to it, it would have been destroyed in the unref call, then used for another signal emission a few lines down. That's a use-after-free.

Fix that by declaring the 'atk_child' variable with g_autoptr. This delays the unref until the very end of the function, and is NULL safe.

Also add a sneaky assertion, just for extra safety.

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/3828>
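An added illustration of the ordering bug described in the commit message above, not code from mutter. A toy refcounted object (the names `Obj`, `emit`, `obj_ref`, `obj_unref` and both `emit_twice_*` functions are hypothetical) stands in for the accessible object, and `__attribute__((cleanup))`, the GCC/Clang extension that g_autoptr is built on, stands in for g_autoptr. The object is only flagged as finalized, never freed, so the stale emission can be counted safely.

```c
#include <stdio.h>

/* Added example, not mutter code. Toy stand-in for the refcounted object:
 * it is only flagged as finalized, never freed, so a late use is countable. */
typedef struct { int refs, owner_holds, finalized, stale_emits; } Obj;

static Obj *obj_ref(Obj *o) { o->refs++; return o; }
static void obj_unref(Obj *o) { if (--o->refs == 0) o->finalized = 1; }

/* Signal emission: the first handler run drops the owner's reference. */
static void emit(Obj *o) {
    if (o->finalized) { o->stale_emits++; return; }   /* would be the UAF */
    if (o->owner_holds) { o->owner_holds = 0; obj_unref(o); }
}

/* Scope-exit unref, NULL-safe: the mechanism behind g_autoptr. */
static void auto_unref(Obj **p) { if (*p) obj_unref(*p); }

/* Before: the unref closes the "dance" while the pointer is still needed. */
static int emit_twice_buggy(Obj *borrowed) {
    Obj *child = obj_ref(borrowed);
    emit(child);
    obj_unref(child);            /* may drop the last reference */
    emit(child);                 /* second emission on a dead object */
    return child->stale_emits;
}

/* After: the reference is held until the function returns. */
static int emit_twice_fixed(Obj *borrowed) {
    Obj *child __attribute__((cleanup(auto_unref))) = obj_ref(borrowed);
    emit(child);
    emit(child);                 /* still protected by our reference */
    return child->stale_emits;   /* cleanup runs after this is evaluated */
}

int main(void) {
    Obj a = { .refs = 1, .owner_holds = 1 };   /* constructed sample state */
    Obj b = { .refs = 1, .owner_holds = 1 };
    printf("buggy: stale emissions = %d\n", emit_twice_buggy(&a));
    printf("fixed: stale emissions = %d\n", emit_twice_fixed(&b));
    return 0;
}
```

In both variants the object ends up finalized; the difference is only whether that happens before or after the second emission.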