Fix memory leak

 - The buffer pointed by the dynamically allocated structure is changed
   without free the memory under certain conditions. No pointer to
   buffer allocated by malloc.

Signed-off-by: seungha.son <seungha.son@samsung.com>
Change-Id: I436286b2a9b866c6244d6c0a91187cf26842cad0

diff --git a/src/badge_internal.c b/src/badge_internal.c
index d57946f..6adcb79 100755 (executable)
--- a/src/badge_internal.c
+++ b/src/badge_internal.c
@@ -1082,6 +1082,21 @@ static gint _badge_data_compare(gconstpointer a, gconstpointer b)
        return 1;
 }
 
+static struct _badge_cb_data *__malloc_badge_cb_data(badge_change_cb callback, void *data)
+{
+       struct _badge_cb_data *bd = NULL;
+       bd = (struct _badge_cb_data *)malloc(sizeof(struct _badge_cb_data));
+       if (bd == NULL) {
+               ERR("failed malloc badge_cb_data");
+               return NULL;
+       }
+
+       bd->callback = callback;
+       bd->data = data;
+
+       return bd;
+}
+
 int _badge_register_changed_cb(badge_change_cb callback, void *data, uid_t uid)
 {
        struct _badge_cb_data *bd = NULL;
@@ -1095,16 +1110,13 @@ int _badge_register_changed_cb(badge_change_cb callback, void *data, uid_t uid)
        if (_badge_cb_hash == NULL)
                _badge_cb_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
 
-       bd = (struct _badge_cb_data *)malloc(sizeof(struct _badge_cb_data));
-       if (bd == NULL)
-               return BADGE_ERROR_OUT_OF_MEMORY;
-
-       bd->callback = callback;
-       bd->data = data;
-
        badge_cb_list = (GList *)g_hash_table_lookup(_badge_cb_hash, GUINT_TO_POINTER(uid));
 
        if (badge_cb_list == NULL) {
+               bd = __malloc_badge_cb_data(callback, data);
+               if (!bd)
+                       return BADGE_ERROR_OUT_OF_MEMORY;
+
                badge_cb_list = g_list_append(badge_cb_list, bd);
                g_hash_table_insert(_badge_cb_hash, GUINT_TO_POINTER(uid), badge_cb_list);
        } else {
@@ -1114,6 +1126,9 @@ int _badge_register_changed_cb(badge_change_cb callback, void *data, uid_t uid)
                        bd = g_list_nth_data(badge_found_list, 0);
                        bd->data = data;
                } else {
+                       bd = __malloc_badge_cb_data(callback, data);
+                       if (!bd)
+                               return BADGE_ERROR_OUT_OF_MEMORY;
                        badge_cb_list = g_list_append(badge_cb_list, bd);
                }
        }