DBus Menu

Merge lp:~mterry/libdbusmenu/fix-bad-image-set into lp:libdbusmenu/0.5

  1. fix-bad-image-set
  2. Merge into trunk
Proposed by Michael Terry
Status: Merged
Approved by: Ted Gould
Approved revision: 341
Merged at revision: 341
Proposed branch: lp:~mterry/libdbusmenu/fix-bad-image-set
Merge into: lp:libdbusmenu/0.5
Diff against target: 11 lines (+1/-0)
1 file modified
libdbusmenu-gtk/genericmenuitem.c (+1/-0)
To merge this branch: bzr merge lp:~mterry/libdbusmenu/fix-bad-image-set
Reviewer Review Type Date Requested Status
Ted Gould (community) Approve
Review via email: mp+78303@code.launchpad.net

Description of the change

I don't believe this code is hit currently (or we'd likely have lots of crashes), but it's something I noticed.

If genericmenuitem_set_image is called after a previous image has been set and the previous image was the only child of the menuitem (i.e. no label has ever been set for this menuitem), then we would try to use destroyed memory.

This would happen because we would set imagew to the previous image child widget. Then gtk_widget_destroy it. Then because the 'child' pointer was non-NULL, we'd try to treat 'child' as a box. But we should be going down the 'child is NULL' code path.

So this branch NULLs out the child pointer.

To post a comment you must log in.
Revision history for this message
Ted Gould (ted) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'libdbusmenu-gtk/genericmenuitem.c'
2--- libdbusmenu-gtk/genericmenuitem.c 2011-08-25 03:00:46 +0000
3+++ libdbusmenu-gtk/genericmenuitem.c 2011-10-05 19:03:25 +0000
4@@ -449,6 +449,7 @@
5 if (GTK_IS_IMAGE(child)) {
6 /* We've got a label, let's update it. */
7 imagew = GTK_IMAGE(child);
8+ child = NULL;
9 } else if (GTK_IS_BOX(child)) {
10 /* Look for the label in the box */
11 gtk_container_foreach(GTK_CONTAINER(child), set_image_helper, &imagew);

Subscribers

People subscribed via source and target branches