From 8ef197b1dad13fd105e8a4bccc80759878cd7755 Mon Sep 17 00:00:00 2001
From: Gary Li
Date: Wed, 26 Oct 2022 15:23:35 +0000
Subject: [PATCH] shell: Fix use-after-free on a modified document
Fix use-after-free on a modified document by disconnecting document modified signal on window close.
Fixes #1766
---
 shell/ev-window.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/shell/ev-window.c b/shell/ev-window.c
index bed494e0..1cca24ac 100644
--- a/shell/ev-window.c
+++ b/shell/ev-window.c
@@ -209,6 +209,7 @@ typedef struct {
 /* Has the document been modified? */
 gboolean is_modified;
+ guint modified_handler_id;
 /* Load params */
 EvLinkDest *dest;
@@ -1789,7 +1790,7 @@ ev_window_set_document (EvWindow *ev_window, EvDocument *document)
 }
 priv->is_modified = FALSE;
- g_signal_connect (document, "notify::modified", G_CALLBACK (ev_window_document_modified_cb), ev_window);
+ priv->modified_handler_id = g_signal_connect (document, "notify::modified", G_CALLBACK (ev_window_document_modified_cb), ev_window);
 if (priv->setup_document_idle > 0)
 g_source_remove (priv->setup_document_idle);
@@ -4124,6 +4125,11 @@ ev_window_close (EvWindow *ev_window)
 ev_document_model_set_page (priv->model, current_page);
 }
+ if (priv->modified_handler_id) {
+ g_signal_handler_disconnect (priv->document, priv->modified_handler_id);
+ priv->modified_handler_id = 0;
+ }
+
 if (ev_window_check_document_modified (ev_window, EV_WINDOW_ACTION_CLOSE))
 return FALSE;
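Review bot: The new field in the struct hunk is declared `guint modified_handler_id;`, but `g_signal_connect` returns a `gulong` and `g_signal_handler_disconnect` takes a `gulong`, so the id is narrowed where `gulong` is wider than `guint`. Declaring it as `gulong modified_handler_id;` keeps the stored value identical to the one GLib handed out. The struct definition starts and ends outside the hunk.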
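Review bot: In the `ev_window_set_document` hunk the new id overwrites `priv->modified_handler_id` without first disconnecting a handler left on an earlier document, and the handler is connected on `document` while `ev_window_close` disconnects it from `priv->document`. If this function can run more than once for a window (a reload, for instance), the earlier document would keep a callback holding the `ev_window` pointer, which looks like the same lifetime problem the commit is fixing. Either disconnect the old handler from the old document before it is replaced, or connect with `g_signal_connect_object (document, "notify::modified", G_CALLBACK (ev_window_document_modified_cb), ev_window, 0);` so GLib drops the handler when the window is finalized. The start of the function is outside the hunk, so how the previous document is released is not visible here.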
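Review bot: The disconnect added in the `ev_window_close` hunk runs before `ev_window_check_document_modified (...)`, whose true result makes the function `return FALSE` on the next line, presumably the path where the user is asked about unsaved changes. If the close is then cancelled, the window stays alive with its `notify::modified` handler gone, so later changes would no longer reach `ev_window_document_modified_cb`. Moving the block below the checks that can abort the close (the rest of the function is outside the hunk), or into the window's dispose path, would keep the fix without that side effect. A short comment would also help, for example `/* the document can apparently outlive the window: drop the handler so it cannot run on a freed EvWindow */`.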