From d6b2c2cb1fadce1fdd22e784fa4a0043fa7def7a Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Fri, 19 Jul 2024 20:23:22 +0300
Subject: [PATCH] urilauncher: Fix use-after-free on GCC < 12
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Building GTK with GCC 8 results in the following warning:

gtk/gtkurilauncher.c: In function ‘gtk_uri_launcher_launch’:
gtk/gtkurilauncher.c:315:3: warning: this ‘else’ clause does not guard... [-Wmisleading-indentation]
 else
 ^~~~
gtk/gtkurilauncher.c:317:1: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘else’
 G_GNUC_BEGIN_IGNORE_DEPRECATIONS
 ^~~

In the compiled code, gtk_show_uri_full () is invoked whether the portal branch is taken or not, leading to use-after-free of the task.

It looks like GCC in versions older than 12 treats the _Pragma(s) that G_GNUC_BEGIN_IGNORE_DEPRECATIONS expands to as C-level statements, and therefore the pragma takes up the 'else' statement slot.

See https://godbolt.org/z/e5zqbaqxo for a simple reproducer.

Signed-off-by: Sergey Bugaev
---
 gtk/gtkurilauncher.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gtk/gtkurilauncher.c b/gtk/gtkurilauncher.c
index 7410a8da2a..52d9c58cc6 100644
--- a/gtk/gtkurilauncher.c
+++ b/gtk/gtkurilauncher.c
@@ -314,9 +314,11 @@ gtk_uri_launcher_launch (GtkUriLauncher *self,
 gtk_openuri_portal_open_uri_async (self->uri, parent, cancellable, open_done, task);
 else
 #endif
+ {
 G_GNUC_BEGIN_IGNORE_DEPRECATIONS
- gtk_show_uri_full (parent, self->uri, GDK_CURRENT_TIME, cancellable, show_uri_done, task);
+ gtk_show_uri_full (parent, self->uri, GDK_CURRENT_TIME, cancellable, show_uri_done, task);
 G_GNUC_END_IGNORE_DEPRECATIONS
+ }
 }

 /**
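Review bot: The portal call on the first context line is still an unbraced single-statement arm while the `else` arm now gets braces, so the conditional is asymmetric across the `#ifdef`; bracing the `if` side too, `{ gtk_openuri_portal_open_uri_async (self->uri, parent, cancellable, open_done, task); }`, would keep both arms safe if a macro or pragma is ever placed next to either of them. An alternative that removes the root cause rather than working around it would be to hoist the `G_GNUC_BEGIN_IGNORE_DEPRECATIONS`/`G_GNUC_END_IGNORE_DEPRECATIONS` pair around the whole if/else, so the pragma never occupies a statement slot regardless of bracing. As written, the fix does ensure `task` is handed to exactly one of `open_done` or `show_uri_done`, which is what removes the use-after-free the description mentions. The body of gtk_uri_launcher_launch, including the `if` that presumably guards the portal call, begins above the hunk and is not visible here.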