DBusString: fix may crash if try to free an uninitialized str

If the str will be freed hasn't been initialized by _dbus_string_init
correctly, _dbus_string_free may crash due to trying to free an
undefined memory.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>

diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index e3766aa..52eb0f2 100644 (file)
--- a/dbus/dbus-string.c
+++ b/dbus/dbus-string.c
@@ -246,6 +246,14 @@ _dbus_string_free (DBusString *str)
   
   if (real->constant)
     return;
+
+  /* so it's safe if @p str returned by a failed
+   * _dbus_string_init call
+   * Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
+   */
+  if (real->str == NULL)
+    return;
+
   dbus_free (real->str - real->align_offset);
 
   real->invalid = TRUE;