From bcbafc9369719f737ee3305ac347a9480f4bfd94 Mon Sep 17 00:00:00 2001 From: Phillip Davis Date: Fri, 31 Oct 2025 14:51:16 -0400 Subject: [PATCH] fix TOCTOU in command pager - in CommandSession constructor, must construct a hard reference to the ViewPager to make garbage collection impossible until at least `getContext()` is called - in setupLayoutManager, current code doesn't have a case for if mPager is null. Probably we wouldn't be there anyway, but in any case the `ctx` parameter should be equivalent, i.e., it should refer to the ActivityContext, so we use that instead of going through mPager --- .../java/eu/siacs/conversations/entities/Conversation.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/entities/Conversation.java b/src/main/java/eu/siacs/conversations/entities/Conversation.java index 8095ba5f7a2319cd10cc0cc199a6c58f95e7195e..c3fd28b7d6a27422662309f352543c50998da7af 100644 --- a/src/main/java/eu/siacs/conversations/entities/Conversation.java +++ b/src/main/java/eu/siacs/conversations/entities/Conversation.java @@ -3144,7 +3144,8 @@ public class Conversation extends AbstractEntity mTitle = title; mNode = node; this.xmppConnectionService = xmppConnectionService; - if (mPager.get() != null) setupLayoutManager(mPager.get().getContext()); + ViewPager pager = mPager.get(); + if (pager != null) setupLayoutManager(pager.getContext()); } public String getTitle() { @@ -3652,7 +3653,7 @@ public class Conversation extends AbstractEntity if (reported != null) { float screenWidth = ctx.getResources().getDisplayMetrics().widthPixels; - TextPaint paint = ((TextView) LayoutInflater.from(mPager.get().getContext()).inflate(R.layout.command_result_cell, null)).getPaint(); + TextPaint paint = ((TextView) LayoutInflater.from(ctx).inflate(R.layout.command_result_cell, null)).getPaint(); float tableHeaderWidth = reported.stream().reduce( 0f, (total, field) -> total + StaticLayout.getDesiredWidth(field.getLabel().or("--------") + "\t", paint),