From 6023acc10e695f24193de4cedbfea6d6c1d9bbad Mon Sep 17 00:00:00 2001
From: Christopher Snowhill <kode54@gmail.com>
Date: Sat, 3 Dec 2022 22:13:14 -0800
Subject: [PATCH] Sandbox: Fixed another outstanding sync bug

Releasing sandbox access was incorrectly synchronizing on the object,
but still running code in the calling thread. It has been updated to
match the rest of the interface, which serializes all access through the
main thread only. This should prevent the sandbox from carrying stale
handles to already-released objects.

Signed-off-by: Christopher Snowhill <kode54@gmail.com>
---
 Utils/SandboxBroker.m | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Utils/SandboxBroker.m b/Utils/SandboxBroker.m
index 5ddb0f92f..8db77fde2 100644
--- a/Utils/SandboxBroker.m
+++ b/Utils/SandboxBroker.m
@@ -455,10 +455,9 @@ static inline void dispatch_sync_reentrant(dispatch_queue_t queue, dispatch_bloc
 	SandboxEntry *entry = CFBridgingRelease(handle);
 	if(!entry) return;
 
-	@synchronized(self) {
+	dispatch_sync_reentrant(dispatch_get_main_queue(), ^{
 		if(entry.refCount > 1) {
 			entry.refCount -= 1;
-			return;
 		} else {
 			if(entry.secureUrl) {
 				[entry.secureUrl stopAccessingSecurityScopedResource];
@@ -466,9 +465,9 @@ static inline void dispatch_sync_reentrant(dispatch_queue_t queue, dispatch_bloc
 			}
 			entry.refCount = 0;
 
-			[storage removeObject:entry];
+			[self->storage removeObject:entry];
 		}
-	}
+	});
 }
 
 - (BOOL)areAllPathsSafe:(NSArray *)urls {