From 38ac8f2473a2843dc99d4ab73e0c51272b5fabb5 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau@redhat.com>
Date: Sat, 4 Jun 2016 11:31:48 +0200
Subject: tools: Fix OsinfoOs leak in osinfo-install-script

The OsinfoOs instance returned by osinfo_media_get_os() must be unref'ed
when no longer needed.
osinfo-install-script has code doing:
if (media == NULL) {
        os = find_os();
} else {
        os = osinfo_media_get_os();
}

find_os() does not return a ref'ed OsinfoOs to the caller, while
osinfo_media_get_os() does. In order to make it possible to release the
ref returned by osinfo_media_get_os(), this commit changes find_os() to
always ref the OsinfoOs instance it returns.

Moreover, one of the codepaths in find_os() looks like it was
potentially returning an invalid pointer:

os = OSINFO_OS(osinfo_list_get_nth(OSINFO_LIST(filteredList), 0));
g_object_unref(filteredList);

The OsinfoOs instance was probably kept alive by references held outside
of the filtered list, but it's safer to keep a reference to ourselves,
which this commit is doing anyway in order to fix find_os() memory
handling.
---
 tools/osinfo-install-script.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'tools')

diff --git a/tools/osinfo-install-script.c b/tools/osinfo-install-script.c
index 915d07e..75bfda1 100644
--- a/tools/osinfo-install-script.c
+++ b/tools/osinfo-install-script.c
@@ -99,7 +99,7 @@ static OsinfoOs *find_os(OsinfoDb *db,
     os = osinfo_db_get_os(db, idoruri);
 
     if (os)
-        return os;
+        return g_object_ref(os);
 
     oslist = osinfo_db_get_os_list(db);
     filter = osinfo_filter_new();
@@ -110,8 +110,10 @@ static OsinfoOs *find_os(OsinfoDb *db,
     filteredList = OSINFO_OSLIST(osinfo_list_new_filtered(OSINFO_LIST(oslist),
                                                           filter));
 
-    if (osinfo_list_get_length(OSINFO_LIST(filteredList)) > 0)
+    if (osinfo_list_get_length(OSINFO_LIST(filteredList)) > 0) {
         os = OSINFO_OS(osinfo_list_get_nth(OSINFO_LIST(filteredList), 0));
+        g_object_ref(os);
+    }
 
     g_object_unref(oslist);
     g_object_unref(filteredList);
@@ -392,6 +394,7 @@ EXIT:
     if (media != NULL)
         g_object_unref(media);
     g_clear_error(&error);
+    g_clear_object(&os);
     g_clear_object(&loader);
     g_option_context_free(context);
 
-- 
cgit v1.2.1