From d1ece4bb12bba4cbe9cc933206caaa2b79c7011d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?=
Date: Tue, 22 Oct 2024 16:34:03 +0300
Subject: [PATCH] validate: Don't use glib::translate::Borrowed in safe bindings
It allows use-after-free.
Part-of:
---
 gstreamer-validate/src/action_type.rs | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/gstreamer-validate/src/action_type.rs b/gstreamer-validate/src/action_type.rs
index db6e520a2..c7206d54b 100644
--- a/gstreamer-validate/src/action_type.rs
+++ b/gstreamer-validate/src/action_type.rs
@@ -176,10 +176,7 @@ impl<'a> ActionParameterBuilder<'a> {
 }
 }
-type ActionFunction = dyn Fn(
- &crate::Scenario,
- glib::translate::Borrowed,
- ) -> Result
+type ActionFunction = dyn Fn(&crate::Scenario, &mut crate::ActionRef) -> Result
 + Sync
 + Send
 + 'static;
@@ -201,7 +198,7 @@ impl<'a> ActionTypeBuilder<'a> {
 pub fn new<
 F: Fn(
 &crate::Scenario,
- glib::translate::Borrowed,
+ &mut crate::ActionRef,
 ) -> Result
 + Send
 + Sync
@@ -325,21 +322,20 @@ impl<'a> ActionTypeBuilder<'a> {
 ) -> c_int {
 let action_type = ffi::gst_validate_get_action_type((*action).type_);
 let scenario = from_glib_borrow(scenario);
- let raction = from_glib_borrow(action);
 let func: &ActionFunction = &*(gst::ffi::gst_mini_object_get_qdata(
 action_type as *mut gst::ffi::GstMiniObject,
 QUARK_ACTION_TYPE_FUNC.get().unwrap().into_glib(),
 ) as *const Box);
- let res = (*func)(&scenario, raction);
+ let res = (*func)(&scenario, crate::ActionRef::from_mut_ptr(action));
 if let Err(crate::ActionError::Error(ref err)) = res {
 scenario
 .dynamic_cast_ref::()
 .unwrap()
 .report_action(
- &crate::Action::from_glib_none(action),
+ &from_glib_borrow(action),
 glib::Quark::from_str("scenario::execution-error"),
 err,
 );
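Review bot: The closure bound on `ActionTypeBuilder::new` now takes `&mut crate::ActionRef`, but nothing visible in this hunk tells callers how long that reference is usable or what to do when the action must outlive the callback. A doc comment on `new` would close that gap, for example `/// The action reference is only valid while the callback runs; take an owned reference if the action has to be kept.` Closures written against the old `Borrowed` parameter will no longer compile, so the change probably deserves a changelog note too. `new` begins and ends outside the hunk, so existing documentation on it may already cover part of this.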
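Review bot: `crate::ActionRef::from_mut_ptr(action)` builds a `&mut` from the raw callback pointer without stating the invariant that makes it sound, and the same `action` pointer is borrowed again by `from_glib_borrow(action)` in the error branch. I would add a comment directly above the call, along the lines of `// SAFETY: action is non-null and valid for this callback, and nothing else accesses it while the closure runs; the &mut is a temporary that ends before the error path borrows it again.` Whether the action really is unaliased at this point is not visible from the hunk (the scenario may hold its own reference), so that should be confirmed, because `&mut` asserts exclusivity. The trampoline starts and ends outside the hunk.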