From bc9b35d5513cbc858761a34d0bb830252799e7ba Mon Sep 17 00:00:00 2001
From: "seungha.son" <seungha.son@samsung.com>
Date: Wed, 30 Nov 2016 21:20:31 +0900
Subject: [PATCH] Fix memory leak

 - The buffer pointed by the dynamically allocated structure is changed
   without free the memory under certain conditions. No pointer to
   buffer allocated by malloc.

Signed-off-by: seungha.son <seungha.son@samsung.com>
Change-Id: I436286b2a9b866c6244d6c0a91187cf26842cad0
---
 src/badge_internal.c | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/src/badge_internal.c b/src/badge_internal.c
index d57946f..6adcb79 100755
--- a/src/badge_internal.c
+++ b/src/badge_internal.c
@@ -1082,6 +1082,21 @@ static gint _badge_data_compare(gconstpointer a, gconstpointer b)
 	return 1;
 }
 
+static struct _badge_cb_data *__malloc_badge_cb_data(badge_change_cb callback, void *data)
+{
+	struct _badge_cb_data *bd = NULL;
+	bd = (struct _badge_cb_data *)malloc(sizeof(struct _badge_cb_data));
+	if (bd == NULL) {
+		ERR("failed malloc badge_cb_data");
+		return NULL;
+	}
+
+	bd->callback = callback;
+	bd->data = data;
+
+	return bd;
+}
+
 int _badge_register_changed_cb(badge_change_cb callback, void *data, uid_t uid)
 {
 	struct _badge_cb_data *bd = NULL;
@@ -1095,16 +1110,13 @@ int _badge_register_changed_cb(badge_change_cb callback, void *data, uid_t uid)
 	if (_badge_cb_hash == NULL)
 		_badge_cb_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
 
-	bd = (struct _badge_cb_data *)malloc(sizeof(struct _badge_cb_data));
-	if (bd == NULL)
-		return BADGE_ERROR_OUT_OF_MEMORY;
-
-	bd->callback = callback;
-	bd->data = data;
-
 	badge_cb_list = (GList *)g_hash_table_lookup(_badge_cb_hash, GUINT_TO_POINTER(uid));
 
 	if (badge_cb_list == NULL) {
+		bd = __malloc_badge_cb_data(callback, data);
+		if (!bd)
+			return BADGE_ERROR_OUT_OF_MEMORY;
+
 		badge_cb_list = g_list_append(badge_cb_list, bd);
 		g_hash_table_insert(_badge_cb_hash, GUINT_TO_POINTER(uid), badge_cb_list);
 	} else {
@@ -1114,6 +1126,9 @@ int _badge_register_changed_cb(badge_change_cb callback, void *data, uid_t uid)
 			bd = g_list_nth_data(badge_found_list, 0);
 			bd->data = data;
 		} else {
+			bd = __malloc_badge_cb_data(callback, data);
+			if (!bd)
+				return BADGE_ERROR_OUT_OF_MEMORY;
 			badge_cb_list = g_list_append(badge_cb_list, bd);
 		}
 	}
-- 
2.7.4