paweld/lazarus
1
0
Fork 0
mirror of https://gitlab.com/freepascal.org/lazarus/lazarus.git synced 2025-04-07 22:58:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

LCL-GTK2: Fix double free due to wrong refcount during SaveDC/RestoreDC

Browse Source 
CopyDataFrom copies the FPixmap field directly without updating
reference counts for the objects, which in some cases ends up attempting
to unref (in the TGtkDeviceContext destructor) an already freed object
(this can happen when, e.g., SaveDC/RestoreDC is called twice with the
same DC - in the first SaveDC/RestoreDC "pass", RestoreDC deletes the
FPixmap object during the saved context destruction and in the second
"pass" the object is already destroyed and the program crashes).

This patch fixes this by adding calls to ref/unref during CopyDataFrom
for the FPixmap.
This commit is contained in:
Bad Sector 2023-08-27 06:23:49 +03:00 committed by Maxim Ganetsky
parent ca9f504a0d
commit 5ecce8dc19
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lcl/interfaces/gtk2/gtk2devicecontext.inc
View File

@ -681,6 +681,8 @@ begin
FWithChildWindows := ASource.FWithChildWindows;
FDrawable := ASource.FDrawable;
if Assigned(ASource.FPixbuf) then gdk_pixbuf_ref(ASource.FPixbuf);
if Assigned(FPixbuf) then gdk_pixbuf_unref(FPixbuf);
FPixbuf := ASource.Pixbuf;
FOriginalDrawable := ASource.FOriginalDrawable;