|
 |
3c437c |
From 90714db611d6ced5202421ef3ba99334f1e9e6ec Mon Sep 17 00:00:00 2001
|
|
|
3c437c |
From: Matthias Clasen <mclasen@redhat.com>
|
|
|
3c437c |
Date: Fri, 1 Nov 2013 16:30:06 -0400
|
|
|
3c437c |
Subject: [PATCH] Fix a possible crash in the presence interface
|
|
|
3c437c |
|
|
|
3c437c |
Improper error handling in gsm_presence_set_status_text() would
|
|
|
3c437c |
lead to a double free on the next call to that function.
|
|
|
3c437c |
Found using the dfuzzer tool,
|
|
|
3c437c |
https://github.com/matusmarhefka/dfuzzer
|
|
|
3c437c |
---
|
|
|
3c437c |
gnome-session/gsm-presence.c | 9 +++++----
|
|
|
3c437c |
1 file changed, 5 insertions(+), 4 deletions(-)
|
|
|
3c437c |
|
|
|
3c437c |
diff --git a/gnome-session/gsm-presence.c b/gnome-session/gsm-presence.c
|
|
|
3c437c |
index f6a022f..93ca1a0 100644
|
|
|
3c437c |
--- a/gnome-session/gsm-presence.c
|
|
|
3c437c |
+++ b/gnome-session/gsm-presence.c
|
|
|
3c437c |
@@ -365,6 +365,7 @@ gsm_presence_set_status_text (GsmPresence *presence,
|
|
|
3c437c |
g_return_val_if_fail (GSM_IS_PRESENCE (presence), FALSE);
|
|
|
3c437c |
|
|
|
3c437c |
g_free (presence->priv->status_text);
|
|
|
3c437c |
+ presence->priv->status_text = NULL;
|
|
|
3c437c |
|
|
|
3c437c |
/* check length */
|
|
|
3c437c |
if (status_text != NULL && strlen (status_text) > MAX_STATUS_TEXT) {
|
|
|
3c437c |
@@ -377,11 +378,11 @@ gsm_presence_set_status_text (GsmPresence *presence,
|
|
|
3c437c |
|
|
|
3c437c |
if (status_text != NULL) {
|
|
|
3c437c |
presence->priv->status_text = g_strdup (status_text);
|
|
|
3c437c |
- } else {
|
|
|
3c437c |
- presence->priv->status_text = g_strdup ("");
|
|
|
3c437c |
}
|
|
|
3c437c |
+
|
|
|
3c437c |
g_object_notify (G_OBJECT (presence), "status-text");
|
|
|
3c437c |
- g_signal_emit (presence, signals[STATUS_TEXT_CHANGED], 0, presence->priv->status_text);
|
|
|
3c437c |
+ g_signal_emit (presence, signals[STATUS_TEXT_CHANGED], 0,
|
|
|
3c437c |
+ presence->priv->status_text ? presence->priv->status_text : "");
|
|
|
3c437c |
return TRUE;
|
|
|
3c437c |
}
|
|
|
3c437c |
|
|
|
3c437c |
@@ -457,7 +458,7 @@ gsm_presence_get_property (GObject *object,
|
|
|
3c437c |
g_value_set_uint (value, self->priv->status);
|
|
|
3c437c |
break;
|
|
|
3c437c |
case PROP_STATUS_TEXT:
|
|
|
3c437c |
- g_value_set_string (value, self->priv->status_text);
|
|
|
3c437c |
+ g_value_set_string (value, self->priv->status_text ? self->priv->status_text : "");
|
|
|
3c437c |
break;
|
|
|
3c437c |
case PROP_IDLE_ENABLED:
|
|
|
3c437c |
g_value_set_boolean (value, self->priv->idle_enabled);
|
|
|
3c437c |
--
|
|
|
3c437c |
1.8.4.2
|
|
|
3c437c |
|