[haiku-commits] haiku: hrev49011 - src/kits/tracker

  • From: mmlr@xxxxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Wed, 8 Apr 2015 17:09:59 +0200 (CEST)

hrev49011 adds 3 changesets to branch 'master'
old head: abf230a9ac4750f4cacfb1d4c8610732c15b417c
new head: 2bd0b27f5d9720741ba72afa21de0470b7521d13
overview:
http://cgit.haiku-os.org/haiku/log/?qt=range&q=2bd0b27f5d97+%5Eabf230a9ac47

----------------------------------------------------------------------------

d854f235bc70: Tracker: Remove an old PPC STL workaround.

0a74a0052690: Tracker: Remove two outdated comments, whitespace cleanup.

2bd0b27f5d97: Tracker: Fix use-after-free by ref filter of OpenWithPoseView.

Commit ea8b1e14 changed OpenWithPoseView from using ShouldShowPose for
filtering poses to a BRefFilter. The introduced ref filter used the
iterator handed to the BPoseView::AddPosesTask which took ownership
of that iterator and deleted it as soon as it was done. Since actually
adding the poses as well as further filtering is asynchronous and
happens after the AddPosesTask completes, the iterator was used after
it was already deleted.

Introduce BPoseView::ReturnDirentIterator() that is called after the
AddPosesTask is complete. The default version deletes the iterator,
the OpenWithPoseView overrides it and does nothing, it deletes the
iterator in the destructor instead.

Also fix leaking the ref filter. The BPoseView does not take ownership
of the filter as it usually comes from a BFilePanel which is documented
to not take ownership.

[ Michael Lotz <mmlr@xxxxxxxx> ]

----------------------------------------------------------------------------

5 files changed, 42 insertions(+), 21 deletions(-)
src/kits/tracker/OpenWithWindow.cpp | 25 +++++++++++++++++++++----
src/kits/tracker/OpenWithWindow.h | 6 ++++--
src/kits/tracker/PoseView.cpp | 28 ++++++++++++++--------------
src/kits/tracker/PoseView.h | 2 ++
src/kits/tracker/QueryPoseView.cpp | 2 +-

############################################################################

Commit: d854f235bc70c5d83f973134fd1a4d2c8629784b
URL: http://cgit.haiku-os.org/haiku/commit/?id=d854f235bc70
Author: Michael Lotz <mmlr@xxxxxxxx>
Date: Wed Apr 8 14:42:11 2015 UTC

Tracker: Remove an old PPC STL workaround.

----------------------------------------------------------------------------

diff --git a/src/kits/tracker/PoseView.cpp b/src/kits/tracker/PoseView.cpp
index 6143db2..a396ceb 100644
--- a/src/kits/tracker/PoseView.cpp
+++ b/src/kits/tracker/PoseView.cpp
@@ -1489,16 +1489,8 @@ BPoseView::AddPosesTask(void* castToParams)
delete container;
// build attributes menu based on mime types we've added

- if (lock.Lock()) {
-#ifdef MSIPL_COMPILE_H
- // workaround for broken PPC STL, not needed with the SGI headers for
x86
- set<thread_id>::iterator i =
view->fAddPosesThreads.find(threadID);
- if (i != view->fAddPosesThreads.end())
- view->fAddPosesThreads.erase(i);
-#else
+ if (lock.Lock())
view->fAddPosesThreads.erase(threadID);
-#endif
- }

return B_OK;
}

############################################################################

Commit: 0a74a00526901d507086cac0592c9940efc24e60
URL: http://cgit.haiku-os.org/haiku/commit/?id=0a74a0052690
Author: Michael Lotz <mmlr@xxxxxxxx>
Date: Wed Apr 8 14:48:10 2015 UTC

Tracker: Remove two outdated comments, whitespace cleanup.

----------------------------------------------------------------------------

diff --git a/src/kits/tracker/OpenWithWindow.cpp
b/src/kits/tracker/OpenWithWindow.cpp
index ff0edb4..3045a67 100644
--- a/src/kits/tracker/OpenWithWindow.cpp
+++ b/src/kits/tracker/OpenWithWindow.cpp
@@ -1400,7 +1400,7 @@ SearchForSignatureEntryList::Relation(const Model*
nodeModel,
{
int32 supportsMimeType = applicationModel->SupportsMimeType(
nodeModel->MimeType(), 0, true);
- switch (supportsMimeType) {
+ switch (supportsMimeType) {
case kDoesNotSupportType:
return kNoRelation;

diff --git a/src/kits/tracker/OpenWithWindow.h
b/src/kits/tracker/OpenWithWindow.h
index e8a625b..c5f0df6 100644
--- a/src/kits/tracker/OpenWithWindow.h
+++ b/src/kits/tracker/OpenWithWindow.h
@@ -261,7 +261,6 @@ private:
bool fHaveCommonPreferredApp;

SearchForSignatureEntryList* fIterator;
- // private copy of the iterator pointer

typedef BPoseView _inherited;
};
diff --git a/src/kits/tracker/PoseView.cpp b/src/kits/tracker/PoseView.cpp
index a396ceb..43b57c0 100644
--- a/src/kits/tracker/PoseView.cpp
+++ b/src/kits/tracker/PoseView.cpp
@@ -1487,7 +1487,6 @@ BPoseView::AddPosesTask(void* castToParams)

delete posesResult;
delete container;
- // build attributes menu based on mime types we've added

if (lock.Lock())
view->fAddPosesThreads.erase(threadID);
@@ -1911,7 +1910,7 @@ BPoseView::CreatePoses(Model** models, PoseInfo*
poseInfoArray, int32 count,
viewBounds.InsetBy(-20, -20);
}

- if (forceDraw &&
viewBounds.Intersects(poseBounds))
+ if (forceDraw &&
viewBounds.Intersects(poseBounds))
Invalidate(poseBounds);

// if this is the first item then we set extent
here
diff --git a/src/kits/tracker/QueryPoseView.cpp
b/src/kits/tracker/QueryPoseView.cpp
index cdfdd18..f621bb0 100644
--- a/src/kits/tracker/QueryPoseView.cpp
+++ b/src/kits/tracker/QueryPoseView.cpp
@@ -350,7 +350,7 @@ BQueryPoseView::InitDirentIterator(const entry_ref* ref)
#endif

// bump up to microseconds
- delta *= 1000000;
+ delta *= 1000000;

TTracker* tracker = dynamic_cast<TTracker*>(be_app);
ThrowOnAssert(tracker != NULL);

############################################################################

Revision: hrev49011
Commit: 2bd0b27f5d9720741ba72afa21de0470b7521d13
URL: http://cgit.haiku-os.org/haiku/commit/?id=2bd0b27f5d97
Author: Michael Lotz <mmlr@xxxxxxxx>
Date: Wed Apr 8 14:50:02 2015 UTC

Tracker: Fix use-after-free by ref filter of OpenWithPoseView.

Commit ea8b1e14 changed OpenWithPoseView from using ShouldShowPose for
filtering poses to a BRefFilter. The introduced ref filter used the
iterator handed to the BPoseView::AddPosesTask which took ownership
of that iterator and deleted it as soon as it was done. Since actually
adding the poses as well as further filtering is asynchronous and
happens after the AddPosesTask completes, the iterator was used after
it was already deleted.

Introduce BPoseView::ReturnDirentIterator() that is called after the
AddPosesTask is complete. The default version deletes the iterator,
the OpenWithPoseView overrides it and does nothing, it deletes the
iterator in the destructor instead.

Also fix leaking the ref filter. The BPoseView does not take ownership
of the filter as it usually comes from a BFilePanel which is documented
to not take ownership.

----------------------------------------------------------------------------

diff --git a/src/kits/tracker/OpenWithWindow.cpp
b/src/kits/tracker/OpenWithWindow.cpp
index 3045a67..6075002 100644
--- a/src/kits/tracker/OpenWithWindow.cpp
+++ b/src/kits/tracker/OpenWithWindow.cpp
@@ -536,7 +536,8 @@ OpenWithPoseView::OpenWithPoseView()
:
BPoseView(new Model(), kListMode),
fHaveCommonPreferredApp(false),
- fIterator(NULL)
+ fIterator(NULL),
+ fRefFilter(NULL)
{
fSavePoseLocations = false;
fMultipleSelection = false;
@@ -544,6 +545,13 @@ OpenWithPoseView::OpenWithPoseView()
}


+OpenWithPoseView::~OpenWithPoseView()
+{
+ delete fRefFilter;
+ delete fIterator;
+}
+
+
OpenWithContainerWindow*
OpenWithPoseView::ContainerWindow() const
{
@@ -665,14 +673,23 @@ OpenWithPoseView::InitDirentIterator(const entry_ref*)
HideBarberPole();
return NULL;
}
- SetRefFilter(new OpenWithRefFilter(fIterator, entryList,
- (fHaveCommonPreferredApp ? &fPreferredRef : 0)));
+
+ fRefFilter = new OpenWithRefFilter(fIterator, entryList,
+ fHaveCommonPreferredApp ? &fPreferredRef : 0);
+ SetRefFilter(fRefFilter);

return fIterator;
}


void
+OpenWithPoseView::ReturnDirentIterator(EntryListBase* iterator)
+{
+ // Do nothing. We keep our fIterator around as it is used by fRefFilter.
+}
+
+
+void
OpenWithPoseView::OpenSelection(BPose* pose, int32*)
{
OpenWithContainerWindow* window = ContainerWindow();
diff --git a/src/kits/tracker/OpenWithWindow.h
b/src/kits/tracker/OpenWithWindow.h
index c5f0df6..be4d980 100644
--- a/src/kits/tracker/OpenWithWindow.h
+++ b/src/kits/tracker/OpenWithWindow.h
@@ -200,6 +200,7 @@ private:
class OpenWithPoseView : public BPoseView {
public:
OpenWithPoseView();
+ virtual ~OpenWithPoseView();

virtual void OpenSelection(BPose*, int32*);
// open entries with the selected app
@@ -222,7 +223,8 @@ protected:
virtual void FinalStopWatching() {}

virtual void AttachedToWindow();
- EntryListBase* InitDirentIterator(const entry_ref* ref);
+ virtual EntryListBase* InitDirentIterator(const entry_ref* ref);
+ virtual void ReturnDirentIterator(EntryListBase* iterator);

virtual void SetUpDefaultColumnsIfNeeded();
// show launch window specific columns
@@ -261,6 +263,7 @@ private:
bool fHaveCommonPreferredApp;

SearchForSignatureEntryList* fIterator;
+ BRefFilter* fRefFilter;

typedef BPoseView _inherited;
};
diff --git a/src/kits/tracker/PoseView.cpp b/src/kits/tracker/PoseView.cpp
index 43b57c0..db5b039 100644
--- a/src/kits/tracker/PoseView.cpp
+++ b/src/kits/tracker/PoseView.cpp
@@ -1148,6 +1148,13 @@ BPoseView::InitDirentIterator(const entry_ref* ref)
}


+void
+BPoseView::ReturnDirentIterator(EntryListBase* iterator)
+{
+ delete iterator;
+}
+
+
uint32
BPoseView::WatchNewNodeMask()
{
@@ -1478,7 +1485,8 @@ BPoseView::AddPosesTask(void* castToParams)
PRINT(("add_poses cleanup \n"));
// failed to lock window, bail
delete posesResult;
- delete container;
+
+ view->ReturnDirentIterator(container);

return B_ERROR;
}
@@ -1486,7 +1494,8 @@ BPoseView::AddPosesTask(void* castToParams)
ASSERT(modelChunkIndex == -1);

delete posesResult;
- delete container;
+
+ view->ReturnDirentIterator(container);

if (lock.Lock())
view->fAddPosesThreads.erase(threadID);
diff --git a/src/kits/tracker/PoseView.h b/src/kits/tracker/PoseView.h
index 7b177ef..1ba2254 100644
--- a/src/kits/tracker/PoseView.h
+++ b/src/kits/tracker/PoseView.h
@@ -436,6 +436,8 @@ protected:
virtual EntryListBase* InitDirentIterator(const entry_ref*);
// sets up an entry iterator for _add_poses_
// overriden by QueryPoseView, etc. to provide different
iteration
+ virtual void ReturnDirentIterator(EntryListBase* iterator);
+ // returns the entry iterator after _add_poses_ is done

void Cleanup(bool doAll = false);
// clean up poses


Other related posts:

  • » [haiku-commits] haiku: hrev49011 - src/kits/tracker - mmlr