vcl/unx/gtk3/gtk3gtkinst.cxx | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-)
New commits: commit ee2a9436dc9b4586e993062a2f85b105d8c16b25 Author: Caolán McNamara <[email protected]> AuthorDate: Tue May 28 11:21:15 2019 +0100 Commit: Caolán McNamara <[email protected]> CommitDate: Tue May 28 16:12:07 2019 +0200 use after free in GtkInstanceWidget::signal_focus_in https://gerrit.libreoffice.org/#/c/71829/ Change-Id: Ia98de7da7182ae35cbd83fdede89f3955ca45ece Reviewed-on: https://gerrit.libreoffice.org/73092 Reviewed-by: Stephan Bergmann <[email protected]> Reviewed-by: Caolán McNamara <[email protected]> Tested-by: Caolán McNamara <[email protected]> diff --git a/vcl/unx/gtk3/gtk3gtkinst.cxx b/vcl/unx/gtk3/gtk3gtkinst.cxx index 6e3069600dd1..afe19b113919 100644 --- a/vcl/unx/gtk3/gtk3gtkinst.cxx +++ b/vcl/unx/gtk3/gtk3gtkinst.cxx @@ -1259,13 +1259,20 @@ protected: DECL_LINK(async_signal_focus_in, void*, void); - static gboolean signalFocusIn(GtkWidget*, GdkEvent*, gpointer widget) + void launch_signal_focus_in() { - GtkInstanceWidget* pThis = static_cast<GtkInstanceWidget*>(widget); // in e.g. function wizard RefEdits we want to select all when we get focus // but there are pending gtk handlers which change selection after our handler // post our focus in event to happen after those finish - Application::PostUserEvent(LINK(pThis, GtkInstanceWidget, async_signal_focus_in)); + if (m_pFocusEvent) + Application::RemoveUserEvent(m_pFocusEvent); + m_pFocusEvent = Application::PostUserEvent(LINK(this, GtkInstanceWidget, async_signal_focus_in)); + } + + static gboolean signalFocusIn(GtkWidget*, GdkEvent*, gpointer widget) + { + GtkInstanceWidget* pThis = static_cast<GtkInstanceWidget*>(widget); + pThis->launch_signal_focus_in(); return false; } @@ -1381,6 +1388,7 @@ private: bool m_bDraggedOver; sal_uInt16 m_nLastMouseButton; sal_uInt16 m_nLastMouseClicks; + ImplSVEvent* m_pFocusEvent; gulong m_nFocusInSignalId; gulong m_nMnemonicActivateSignalId; gulong m_nFocusOutSignalId; @@ -1582,6 +1590,7 @@ public: , m_bDraggedOver(false) , m_nLastMouseButton(0) , m_nLastMouseClicks(0) + , m_pFocusEvent(nullptr) , m_nFocusInSignalId(0) , m_nMnemonicActivateSignalId(0) , m_nFocusOutSignalId(0) @@ -2070,6 +2079,8 @@ public: virtual ~GtkInstanceWidget() override { + if (m_pFocusEvent) + Application::RemoveUserEvent(m_pFocusEvent); if (m_nDragMotionSignalId) g_signal_handler_disconnect(m_pWidget, m_nDragMotionSignalId); if (m_nDragDropSignalId) @@ -2157,6 +2168,7 @@ public: IMPL_LINK_NOARG(GtkInstanceWidget, async_signal_focus_in, void*, void) { + m_pFocusEvent = nullptr; signal_focus_in(); } _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
