changeset
fix a use after free by making sure to reference an old smiley image if it is not null.
Thu, 14 May 2020 03:20:38 -0500
- author
- Gary Kramlich <grim@reaperworld.com>
- date
- Thu, 14 May 2020 03:20:38 -0500
- branch
- release-2.x.y
- changeset 40407
- 0ff0248b4928
- parent 40400
- bd55166164c0
- child 40408
- 9370dfa3e9ee
- child 40409
- 9b956fdf046e
fix a use after free by making sure to reference an old smiley image if it is not null.
| libpurple/smiley.c | file | annotate | diff | comparison | revisions |
--- a/libpurple/smiley.c Mon May 11 21:28:39 2020 +0000 +++ b/libpurple/smiley.c Thu May 14 03:20:38 2020 -0500 @@ -615,7 +615,7 @@ purple_smiley_set_data_impl(PurpleSmiley *smiley, guchar *smiley_data, size_t smiley_data_len) { - PurpleStoredImage *old_img, *new_img; + PurpleStoredImage *old_img = NULL, *new_img = NULL; const char *old_filename = NULL; const char *new_filename = NULL; @@ -623,7 +623,10 @@ g_return_if_fail(smiley_data != NULL); g_return_if_fail(smiley_data_len > 0); - old_img = smiley->img; + if(smiley->img != NULL) { + old_img = smiley->img; + purple_imgstore_ref(old_img); + } new_img = purple_smiley_data_new(smiley_data, smiley_data_len);
