From 3e59822753a7e7f4822644c9fd345cd71de6addd Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Sun, 15 Feb 2026 15:41:28 -0700
Subject: [PATCH] Reviewed the plugin GUI code path and fixed two crash-prone
 null-handling cases that are especially risky on Windows plugin metadata
 paths: fe_pluginlist_update() now guards against pl == NULL, pl->version ==
 NULL, and pl->filename == NULL before dereferencing, and uses safe
 empty-string fallbacks for filename-backed columns. This prevents null
 dereferences from malformed or partially-populated plugin entries.
 plugingui_unload() now early-returns when the selected plugin filepath is
 NULL/empty before suffix checks and command formatting, preventing invalid
 string operations in unload flow.

---
 src/fe-gtk/plugingui.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/fe-gtk/plugingui.c b/src/fe-gtk/plugingui.c
index 5c9564ea..176a0c5d 100644
--- a/src/fe-gtk/plugingui.c
+++ b/src/fe-gtk/plugingui.c
@@ -48,6 +48,12 @@ enum
 
 static GtkWidget *plugin_window = NULL;
 
+static const char *
+plugingui_safe_string (const char *value)
+{
+	return value ? value : "";
+}
+
 static session *
 plugingui_get_target_session (void)
 {
@@ -169,14 +175,14 @@ fe_pluginlist_update (void)
 	while (list)
 	{
 		pl = list->data;
-		if (pl->version[0] != 0)
+		if (pl && pl->version && pl->version[0] != 0)
 		{
 			gtk_list_store_append (store, &iter);
 			gtk_list_store_set (store, &iter, NAME_COLUMN, pl->name,
 			                    VERSION_COLUMN, pl->version,
-			                    FILE_COLUMN, file_part (pl->filename),
+			                    FILE_COLUMN, pl->filename ? file_part (pl->filename) : "",
 			                    DESC_COLUMN, pl->desc,
-			                    FILEPATH_COLUMN, pl->filename, -1);
+			                    FILEPATH_COLUMN, plugingui_safe_string (pl->filename), -1);
 		}
 		list = list->next;
 	}
@@ -236,6 +242,12 @@ plugingui_unload (GtkWidget * wid, gpointer unused)
 	if (!gtkutil_treeview_get_selected (view, &iter, NAME_COLUMN, &modname,
 	                                    FILEPATH_COLUMN, &file, -1))
 		return;
+	if (!file || !*file)
+	{
+		g_free (modname);
+		g_free (file);
+		return;
+	}
 
 	if (g_str_has_suffix (file, "."PLUGIN_SUFFIX))
 	{
@@ -315,7 +327,11 @@ plugingui_open (void)
 	view = plugingui_treeview_new (vbox);
 	view_scroll = gtk_widget_get_parent (view);
 	if (view_scroll)
+	{
 		gtk_box_set_child_packing (GTK_BOX (vbox), view_scroll, TRUE, TRUE, 0, GTK_PACK_START);
+		gtk_widget_set_hexpand (view_scroll, TRUE);
+		gtk_widget_set_vexpand (view_scroll, TRUE);
+	}
 	g_object_set_data (G_OBJECT (plugin_window), "view", view);