authorChristian Brabandt <cb@256bit.org>2023-11-19 16:25:45 +0100
committerChristian Brabandt <cb@256bit.org>2023-11-21 19:54:12 +0100
commita5218a7330cb14ddd9afa323ab03f4334e6a77a0 (patch)
tree57b70cdec54f30711183f928bd4d28bef2fb01a1 /src/gui_gtk_x11.c
parent567cae2630a51efddc07eacff3b38a295e1f5671 (diff)
patch 9.0.2118: [security]: avoid double-free in get_style_font_variantsv9.0.2118
Problem: [security]: avoid double-free Solution: Only free plain_font, when it is not the same as bold_font When plain_font == bold_font and bold_font is not NULL, we may end up trying to free bold_font again, which already has been freed a few lines above. So only free bold_font, when the condition gui.font_can_bold is true, which means that bold_font is not pointing to plain_font (so it needs to be freed separately). Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src/gui_gtk_x11.c')
-rw-r--r--src/gui_gtk_x11.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gui_gtk_x11.c b/src/gui_gtk_x11.c
index 4b3f53ef91..87838b9488 100644
--- a/src/gui_gtk_x11.c
+++ b/src/gui_gtk_x11.c
@@ -5048,7 +5048,8 @@ get_styled_font_variants(void)
}
pango_font_description_free(bold_font_desc);
- g_object_unref(plain_font);
+ if (bold_font != NULL && gui.font_can_bold)
+ g_object_unref(plain_font);
}
static PangoEngineShape *default_shape_engine = NULL;
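Review bot: The new guard `if (bold_font != NULL && gui.font_can_bold)` also skips the unref when `bold_font` is NULL, so on that path the `plain_font` reference is never released, while the commit message only intends to skip it when `plain_font == bold_font`. The body of get_styled_font_variants starts above the hunk, so this assumes `plain_font` is non-NULL at this point and that `gui.font_can_bold` is false whenever the two pointers are equal; under those assumptions the condition would be `if (bold_font == NULL || gui.font_can_bold)`. It is also worth confirming against the Pango documentation whether each font load (presumably `pango_context_load_font()`) hands back its own reference, because if it does, two unrefs of an identical pointer are balanced and skipping the second one leaks a reference instead of preventing a double free. Either way, a one-line comment above the guard saying which reference was already dropped earlier in the function would make the ownership reasoning checkable.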