From 8eb29fda102be3bd27b04a0b2d7f53a4dfb01f62 Mon Sep 17 00:00:00 2001
From: Chengwei Yang
Date: Thu, 20 Jun 2013 17:24:04 +0800
Subject: [PATCH] DBusString: fix may crash if try to free an uninitialized str
If the str will be freed hasn't been initialized by _dbus_string_init correctly, _dbus_string_free may crash due to trying to free an undefined memory.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
Signed-off-by: Chengwei Yang
Reviewed-by: Simon McVittie
---
 dbus/dbus-string.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index e3766aa..52eb0f2 100644
--- dbus/dbus-string.c
+++ dbus/dbus-string.c
@@ -246,6 +246,14 @@ _dbus_string_free (DBusString *str)
 if (real->constant)
 return;
+
+ /* so it's safe if @p str returned by a failed
+ * _dbus_string_init call
+ * Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
+ */
+ if (real->str == NULL)
+ return;
+
 dbus_free (real->str - real->align_offset);
 real->invalid = TRUE;
-- 
2.7.4
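Review bot: The new `if (real->str == NULL) return;` guard only helps when the `str` field really is NULL, so it does not make `_dbus_string_free` safe for a DBusString that was never passed to `_dbus_string_init`, which is what the commit title ("uninitialized str") suggests. A stack DBusString with indeterminate contents would still reach `dbus_free` with a garbage pointer. The guard relies on the failure path of `_dbus_string_init` leaving `real->str` NULL, which is not visible in this hunk, so the comment should state that contract, e.g. `/* A failed _dbus_string_init() leaves str NULL; tolerate freeing it. A never-initialized DBusString is still invalid here. */`. The early return also skips `real->invalid = TRUE`, unlike the normal path; if that is intended, the comment should say so. The body of `_dbus_string_free` starts before and ends after the hunk.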