From a750acab78cf38ca8f010c4ac81ec948faa79dd5 Mon Sep 17 00:00:00 2001
From: Julian Eisel <julian@blender.org>
Date: Mon, 2 Nov 2020 21:47:08 +0100
Subject: Fix possible use-after-free when closing Blender with File Browser
 open

I think there wasn't actually any issue currently, but only by luck. We still
passed around and NULL-checked a pointer to freed memory (the file operator,
`SpaceFile.op`) which is easy to break and should be avoided.
Noticed while testing D8598.
---
 source/blender/editors/include/ED_fileselect.h |  4 ++++
 source/blender/editors/space_file/filesel.c    | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)

(limited to 'source/blender/editors')

diff --git a/source/blender/editors/include/ED_fileselect.h b/source/blender/editors/include/ED_fileselect.h
index 341f97943a5..84808416074 100644
--- a/source/blender/editors/include/ED_fileselect.h
+++ b/source/blender/editors/include/ED_fileselect.h
@@ -35,6 +35,7 @@ struct SpaceFile;
 struct bContext;
 struct bScreen;
 struct uiBlock;
+struct wmOperator;
 struct wmWindow;
 struct wmWindowManager;
 
@@ -145,6 +146,9 @@ void ED_fileselect_window_params_get(const struct wmWindow *win,
                                      int win_size[2],
                                      bool *is_maximized);
 
+struct ScrArea *ED_fileselect_handler_area_find(const struct wmWindow *win,
+                                                const struct wmOperator *file_operator);
+
 int ED_path_extension_type(const char *path);
 int ED_file_extension_icon(const char *path);
 
diff --git a/source/blender/editors/space_file/filesel.c b/source/blender/editors/space_file/filesel.c
index 42b2806814b..5d90403937a 100644
--- a/source/blender/editors/space_file/filesel.c
+++ b/source/blender/editors/space_file/filesel.c
@@ -61,6 +61,7 @@
 #include "BLF_api.h"
 
 #include "ED_fileselect.h"
+#include "ED_screen.h"
 
 #include "WM_api.h"
 #include "WM_types.h"
@@ -1050,3 +1051,20 @@ void file_params_renamefile_activate(SpaceFile *sfile, FileSelectParams *params)
     params->rename_flag = 0;
   }
 }
+
+ScrArea *ED_fileselect_handler_area_find(const wmWindow *win, const wmOperator *file_operator)
+{
+  bScreen *screen = WM_window_get_active_screen(win);
+
+  ED_screen_areas_iter (win, screen, area) {
+    if (area->spacetype == SPACE_FILE) {
+      SpaceFile *sfile = area->spacedata.first;
+
+      if (sfile->op == file_operator) {
+        return area;
+      }
+    }
+  }
+
+  return NULL;
+}
-- 
cgit v1.2.3