color-device: Don't close lcms profile on error from cd_icc_load_handle
As implemented in colord 1.4.6, cd_icc_load_handle() has three possible results: 1. success, taking ownership of the profile; 2. failure because cmsGetProfileContextID returns NULL, *not* taking ownership of the profile; 3. failure in cd_icc_load(), taking ownership of the profile. The previous commit ensures that we are not in case 2. In case 3 where cd_icc_load() fails, ownership was already given to the colord CdIcc object, so it will be freed when the g_autoptr unrefs the CdIcc, and we must not free it again: that would be a double-free, potentially resulting in memory corruption. Resolves: https://gitlab.gnome.org/GNOME/mutter/-/issues/2659 Signed-off-by:Simon McVittie <smcv@debian.org> Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2877> (cherry picked from commit ed12df10)
parent
c418c449
Please register or sign in to comment