~ubuntu-branches/ubuntu/hardy/glib2.0/hardy-updates


Viewing changes to gobject/gtype.c

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2009-03-12 16:46:11 UTC
  • mfrom: (67.1.7 hardy-proposed)
  • Revision ID: james.westby@ubuntu.com-20090312164611-31v55ts0v0j0u06k
Tags: 2.16.6-0ubuntu1.1
* SECURITY UPDATE: possible arbitrary code execution when processing large
  Base64 strings
  - debian/patches/91_CVE-2008-4316.patch: update glib/gbase64.c to properly
    verify the string length and set the length of the output buffer.
  - CVE-2008-4316

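--- a/gobject/gtype.c
+++ b/gobject/gtype.c
@@ -2363,20 +2363,19 @@
 g_type_class_ref (GType type)
 {
   TypeNode *node;
-  
-  /* optimize for common code path
-   */
+  GType ptype;
+
+  /* optimize for common code path */
   G_WRITE_LOCK (&type_rw_lock);
   node = lookup_type_node_I (type);
   if (node && node->is_classed && node->data &&
-      node->data->class.class && node->data->common.ref_count > 0)
+      node->data->class.class &&
+      node->data->class.init_state == INITIALIZED)
     {
       type_data_ref_Wm (node);
       G_WRITE_UNLOCK (&type_rw_lock);
-      
       return node->data->class.class;
     }
-  
   if (!node || !node->is_classed ||
       (node->data && node->data->common.ref_count < 1))
     {
@@ -2385,32 +2384,27 @@
                  type_descriptive_name_I (type));
       return NULL;
     }
-
   type_data_ref_Wm (node);
+  ptype = NODE_PARENT_TYPE (node);
+  G_WRITE_UNLOCK (&type_rw_lock);
 
+  g_static_rec_mutex_lock (&class_init_rec_mutex); /* required locking order: 1) class_init_rec_mutex, 2) type_rw_lock */
+  /* here, we either have node->data->class.class == NULL, or a recursive
+   * call to g_type_class_ref() with a partly initialized class, or
+   * node->data->class.init_state == INITIALIZED, because any
+   * concurrently running initialization was guarded by class_init_rec_mutex.
+   */
   if (!node->data->class.class) /* class uninitialized */
     {
-      GType ptype = NODE_PARENT_TYPE (node);
-      GTypeClass *pclass = NULL;
-      G_WRITE_UNLOCK (&type_rw_lock);
-      g_static_rec_mutex_lock (&class_init_rec_mutex); /* required locking order: 1) class_init_rec_mutex, 2) type_rw_lock */
-      if (ptype)
-        {
-          pclass = g_type_class_ref (ptype);
-          G_WRITE_LOCK (&type_rw_lock);
-          node = lookup_type_node_I (type);
-          if (node->data->class.class)
-            INVALID_RECURSION ("g_type_plugin_*", node->plugin, NODE_NAME (node));
-        }
-      else
-        {
-          G_WRITE_LOCK (&type_rw_lock);
-          node = lookup_type_node_I (type);
-        }
-      if (!node->data->class.class) /* class could have been initialized meanwhile */
-        type_class_init_Wm (node, pclass);
-      G_WRITE_UNLOCK (&type_rw_lock);
-      g_static_rec_mutex_unlock (&class_init_rec_mutex);
+      /* acquire reference on parent class */
+      GTypeClass *pclass = ptype ? g_type_class_ref (ptype) : NULL;
+      G_WRITE_LOCK (&type_rw_lock);
+      if (node->data->class.class) /* class was initialized during parent class initialization? */
+        INVALID_RECURSION ("g_type_plugin_*", node->plugin, NODE_NAME (node));
+      type_class_init_Wm (node, pclass);
+      G_WRITE_UNLOCK (&type_rw_lock);
     }
+  g_static_rec_mutex_unlock (&class_init_rec_mutex);
+
   return node->data->class.class;
 }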
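Review bot: After `G_WRITE_UNLOCK (&type_rw_lock)` at new line 2389 the slow path keeps using the `node` pointer obtained earlier and reads `node->data->class.class` at new lines 2397 and 2409 without `type_rw_lock`, whereas the removed code repeated `lookup_type_node_I (type)` after re-taking the lock. This appears to rely on the reference taken by `type_data_ref_Wm (node)` at new line 2387 together with `class_init_rec_mutex`, but neither helper is visible on this page, so the invariant should be written next to the code, for example `/* node->data stays valid without type_rw_lock: we still hold the ref from type_data_ref_Wm() above */`. The new block also calls `type_class_init_Wm (node, pclass)` unconditionally after `INVALID_RECURSION`, where the removed code guarded it with `if (!node->data->class.class)`; that is only safe if the macro never returns, which a short comment on that line should state. Old lines 2383-2384 fall between the two hunks and are not shown, so the warning branch could not be checked in full.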