fix: Fix use-after-free bug in desktop notifications.

TokTok · Nov 22, 2024 · 34526c8 · 34526c8
1 parent 0d06a4b
commit 34526c8
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -18,7 +18,7 @@ option(SPELL_CHECK "Enable spell cheching support" ON)
 option(SVGZ_ICON "Compress the SVG icon of qTox" ON)
 option(ASAN "Compile with AddressSanitizer" OFF)
 option(TSAN "Compile with ThreadSanitizer" OFF)
-option(DESKTOP_NOTIFICATIONS "Use snorenotify for desktop notifications" OFF)
+option(DESKTOP_NOTIFICATIONS "Use libnotify for desktop notifications" OFF)
 option(STRICT_OPTIONS "Error on compile warning, used by CI" OFF)
 
 # process generated files if cmake >= 3.10

diff --git a/INSTALL.md b/INSTALL.md
@@ -50,7 +50,7 @@
 | [qrencode]    | >= 3.0.3  |                                                          |
 | [sqlcipher]   | >= 3.2.0  |                                                          |
 | [pkg-config]  | >= 0.28   |                                                          |
-| [snorenotify] | >= 0.7.0  | optional dependency                                      |
+| [libnotify]   | >= 0.7.9  | optional dependency                                      |
 
 ## Optional dependencies
 
@@ -95,9 +95,9 @@ Disabled if dependencies are missing during compilation.
 
 Disabled by default
 
-| Name          | Version  |
-| ------------- | -------- |
-| [snorenotify] | >= 0.7.0 |
+| Name        | Version  |
+| ----------- | -------- |
+| [libnotify] | >= 0.7.9 |
 
 To enable: `-DDESKTOP_NOTIFICATIONS=True`
 
@@ -471,5 +471,5 @@ Switches:
 [Qt]: https://www.qt.io/
 [toxcore]: https://github.com/TokTok/c-toxcore/
 [sonnet]: https://github.com/KDE/sonnet
-[snorenotify]: https://techbase.kde.org/Projects/Snorenotify
+[libnotify]: https://gitlab.gnome.org/GNOME/libnotify
 [sqlcipher]: https://github.com/sqlcipher/sqlcipher
diff --git a/src/platform/desktop_notifications/desktopnotify.cpp b/src/platform/desktop_notifications/desktopnotify.cpp
@@ -22,8 +22,15 @@ namespace {
 GdkPixbuf* convert(const QPixmap& pixmap)
 {
     const QImage image = pixmap.toImage();
-    return gdk_pixbuf_new_from_data(image.bits(), GDK_COLORSPACE_RGB, true, 8, image.width(),
-                                    image.height(), image.bytesPerLine(), nullptr, nullptr);
+    guchar* dataCopy = new guchar[image.sizeInBytes()];
+    std::copy(image.bits(), image.bits() + image.sizeInBytes(), dataCopy);
+    return gdk_pixbuf_new_from_data(
+        dataCopy, GDK_COLORSPACE_RGB, true, 8, image.width(), image.height(), image.bytesPerLine(),
+        [](guchar* data, gpointer user_data) {
+            std::ignore = user_data;
+            delete[] data;
+        },
+        nullptr);
 }
 
 } // namespace