From 4238b0a27a3621f4181d38821a4eaee9f0ac1244 Mon Sep 17 00:00:00 2001 From: Andrea Azzarone Date: Fri, 18 Jan 2019 16:14:57 +0000 Subject: [PATCH 3/5] tracker-monitor: Prevent stack smashing Make sure to use GPOINTER_TO_UINT when using g_hash_table_lookup_extended() to prevent stack smashing. This will make sure that in the architectures where sizeof(GFileMonitorEvent) < sizeof(gpointer), g_hash_table_lookup_extended() will not write more bytes than prev_event_type can hold. Bug-Upstream: https://gitlab.gnome.org/GNOME/tracker/issues/71 Origin: upstream, commit:63c0a5d4413e53cb76089fda6f56b2d623c5de15 Applied-Upstream: 2.2.0 --- src/libtracker-miner/tracker-monitor.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libtracker-miner/tracker-monitor.c b/src/libtracker-miner/tracker-monitor.c index 54cd3e8fb..f2431b646 100644 --- a/src/libtracker-miner/tracker-monitor.c +++ b/src/libtracker-miner/tracker-monitor.c @@ -611,10 +611,12 @@ flush_cached_event (TrackerMonitor *monitor, GFile *file, gboolean is_directory) { - GFileMonitorEvent prev_event_type; + gpointer value = NULL; if (g_hash_table_lookup_extended (monitor->priv->cached_events, - file, NULL, (gpointer*) &prev_event_type)) { + file, NULL, &value)) { + GFileMonitorEvent prev_event_type = GPOINTER_TO_UINT (value); + g_hash_table_remove (monitor->priv->cached_events, file); emit_signal_for_event (monitor, prev_event_type, is_directory, file, NULL); -- 2.17.0