DBusString: fix may crash if try to free an uninitialized str

If the str will be freed hasn't been initialized by _dbus_string_init correctly, _dbus_string_free may crash due to trying to free an undefined memory. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959 Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
author: Chengwei Yang <chengwei.yang@intel.com> 2013-06-20 17:24:04 +0800
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-06-20 13:16:25 +0100
commit: 8eb29fda102be3bd27b04a0b2d7f53a4dfb01f62 (patch)
tree: da58ad2542d772a3235e41753da5702ae3b48a64
parent: ba0f90c16fa502e81e74db7d2834c27e239b45ba (diff)
download: dbus-8eb29fda102be3bd27b04a0b2d7f53a4dfb01f62.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index e3766aad..52eb0f23 100644
--- a/dbus/dbus-string.c
+++ b/dbus/dbus-string.c
@@ -246,6 +246,14 @@ _dbus_string_free (DBusString *str)
   
   if (real->constant)
     return;
+
+  /* so it's safe if @p str returned by a failed
+   * _dbus_string_init call
+   * Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
+   */
+  if (real->str == NULL)
+    return;
+
   dbus_free (real->str - real->align_offset);
 
   real->invalid = TRUE;
author	Chengwei Yang <chengwei.yang@intel.com>	2013-06-20 17:24:04 +0800
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-06-20 13:16:25 +0100
commit	8eb29fda102be3bd27b04a0b2d7f53a4dfb01f62 (patch)
tree	da58ad2542d772a3235e41753da5702ae3b48a64
parent	ba0f90c16fa502e81e74db7d2834c27e239b45ba (diff)
download	dbus-8eb29fda102be3bd27b04a0b2d7f53a4dfb01f62.tar.gz