From 9b6d40905c21b476c58e9f9a908ddb32a0a56a18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20Grabovsk=C3=BD?= <mgrabovs@redhat.com>
Date: Tue, 29 Sep 2020 19:14:05 +0200
Subject: [PATCH] gui-wizard-gtk: Don't autofree URL string
g_object_set_data() does not (and cannot) copy the data passed to it, so
once url is freed, a subsequent access to the 'url' tag leads to an
invalid read and segfault.
Bug was introduced in df386b097.
Resolves rhbz#1882328
---
src/gui-wizard-gtk/wizard.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/gui-wizard-gtk/wizard.c b/src/gui-wizard-gtk/wizard.c
index 0af19587..ba1998df 100644
--- a/src/gui-wizard-gtk/wizard.c
+++ b/src/gui-wizard-gtk/wizard.c
@@ -462,8 +462,8 @@ static void append_to_textview(GtkTextView *tv, const char *str)
GtkTextTag *tag;
tag = gtk_text_buffer_create_tag(tb, NULL, "foreground", "blue",
"underline", PANGO_UNDERLINE_SINGLE, NULL);
- g_autofree char *url = g_strndup(t->start, t->len);
- g_object_set_data(G_OBJECT(tag), "url", url);
+ char *url = g_strndup(t->start, t->len);
+ g_object_set_data_full(G_OBJECT(tag), "url", url, g_free);
gtk_text_buffer_insert_with_tags(tb, &text_iter, url, -1, tag, NULL);
--
2.26.2