From 60c05710b100a96aa3259f0d47170122b80bbca3 Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Sun, 15 Feb 2026 15:57:19 -0700
Subject: [PATCH] =?UTF-8?q?Reviewed=20src/fe-gtk/plugingui.c=20and=20fixed?=
 =?UTF-8?q?=20several=20crash-prone=20assumptions=20in=20the=20plugin=20GU?=
 =?UTF-8?q?I=20code=20path=20that=20can=20surface=20on=20Windows=20during?=
 =?UTF-8?q?=20plugin=20load/unload=20lifecycle=20edges:=20=20=20=20=20Adde?=
 =?UTF-8?q?d=20type=20guards=20before=20using=20the=20stored=20plugin=20vi?=
 =?UTF-8?q?ew/model=20(GTK=5FIS=5FTREE=5FVIEW,=20GTK=5FIS=5FLIST=5FSTORE)?=
 =?UTF-8?q?=20so=20stale=20or=20unexpected=20object=20data=20doesn?=
 =?UTF-8?q?=E2=80=99t=20get=20dereferenced.=20=20=20=20=20Switched=20plugi?=
 =?UTF-8?q?n=20list=20population=20to=20always=20pass=20non-null=20strings?=
 =?UTF-8?q?=20for=20name/version/description=20via=20plugingui=5Fsafe=5Fst?=
 =?UTF-8?q?ring,=20preventing=20null=20string=20propagation=20into=20GTK?=
 =?UTF-8?q?=20model=20setters.=20=20=20=20=20Added=20an=20unload=20guard?=
 =?UTF-8?q?=20for=20empty/null=20modname=20before=20calling=20unload=20log?=
 =?UTF-8?q?ic,=20preventing=20unsafe=20calls=20into=20plugin=20teardown=20?=
 =?UTF-8?q?paths=20with=20invalid=20identifiers.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/fe-gtk/plugingui.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/fe-gtk/plugingui.c b/src/fe-gtk/plugingui.c
index 176a0c5d..04031f86 100644
--- a/src/fe-gtk/plugingui.c
+++ b/src/fe-gtk/plugingui.c
@@ -168,7 +168,13 @@ fe_pluginlist_update (void)
 		return;
 
 	view = g_object_get_data (G_OBJECT (plugin_window), "view");
+	if (!GTK_IS_TREE_VIEW (view))
+		return;
+
 	store = GTK_LIST_STORE (gtk_tree_view_get_model (view));
+	if (!GTK_IS_LIST_STORE (store))
+		return;
+
 	gtk_list_store_clear (store);
 
 	list = plugin_list;
@@ -178,10 +184,10 @@ fe_pluginlist_update (void)
 		if (pl && pl->version && pl->version[0] != 0)
 		{
 			gtk_list_store_append (store, &iter);
-			gtk_list_store_set (store, &iter, NAME_COLUMN, pl->name,
-			                    VERSION_COLUMN, pl->version,
+			gtk_list_store_set (store, &iter, NAME_COLUMN, plugingui_safe_string (pl->name),
+			                    VERSION_COLUMN, plugingui_safe_string (pl->version),
 			                    FILE_COLUMN, pl->filename ? file_part (pl->filename) : "",
-			                    DESC_COLUMN, pl->desc,
+			                    DESC_COLUMN, plugingui_safe_string (pl->desc),
 			                    FILEPATH_COLUMN, plugingui_safe_string (pl->filename), -1);
 		}
 		list = list->next;
@@ -242,6 +248,12 @@ plugingui_unload (GtkWidget * wid, gpointer unused)
 	if (!gtkutil_treeview_get_selected (view, &iter, NAME_COLUMN, &modname,
 	                                    FILEPATH_COLUMN, &file, -1))
 		return;
+	if (!modname || !*modname)
+	{
+		g_free (modname);
+		g_free (file);
+		return;
+	}
 	if (!file || !*file)
 	{
 		g_free (modname);