From ecd21d0d7d4cdebb1057b2a409863d63cd980525 Mon Sep 17 00:00:00 2001
From: Hyunho Kang
Date: Wed, 8 Jun 2016 17:23:25 +0900
Subject: [PATCH] Fix null pointer dereference - self send logic is not send fd list and it cause null pointer dereference
Change-Id: Ib3b46504a8d9bb64017b616ad99fb3a324d485e4
Signed-off-by: Hyunho Kang
---
 src/message-port.c | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/src/message-port.c b/src/message-port.c
index ad80968..0e37dd8 100755
--- a/src/message-port.c
+++ b/src/message-port.c
@@ -780,27 +780,36 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation
 msg = g_dbus_method_invocation_get_message(invocation);
 fd_list = g_dbus_message_get_unix_fd_list(msg);
- returned_fds = g_unix_fd_list_steal_fds(fd_list, &fd_len);
- fd = returned_fds[0];
- LOGI("g_unix_fd_list_get %d fd: [%d]", fd_len, fd);
- if (fd > 0) {
-
- callback_info->gio_read = g_io_channel_unix_new(fd);
- if (!callback_info->gio_read) {
- _LOGE("Error is %s\n", strerror_r(errno, buf, sizeof(buf)));
+ /* When application send message to self fd_list is NULL */
+ if (fd_list != NULL) {
+ returned_fds = g_unix_fd_list_steal_fds(fd_list, &fd_len);
+ if (returned_fds == NULL) {
+ _LOGE("fail to get fds");
 __callback_info_free(callback_info);
 return -1;
 }
+ fd = returned_fds[0];
- callback_info->g_src_id = g_io_add_watch(callback_info->gio_read, G_IO_IN | G_IO_HUP,
- __socket_request_handler, (gpointer)callback_info);
- if (callback_info->g_src_id == 0) {
- _LOGE("fail to add watch on socket");
- __callback_info_free(callback_info);
- return -1;
- }
+ LOGI("g_unix_fd_list_get %d fd: [%d]", fd_len, fd);
+ if (fd > 0) {
+ callback_info->gio_read = g_io_channel_unix_new(fd);
+ if (!callback_info->gio_read) {
+ _LOGE("Error is %s\n", strerror_r(errno, buf, sizeof(buf)));
+ __callback_info_free(callback_info);
+ return -1;
+ }
+
+ callback_info->g_src_id = g_io_add_watch(callback_info->gio_read, G_IO_IN | G_IO_HUP,
+ __socket_request_handler, (gpointer)callback_info);
+ if (callback_info->g_src_id == 0) {
+ _LOGE("fail to add watch on socket");
+ __callback_info_free(callback_info);
+ return -1;
+ }
+
+ }
 }
 data = bundle_decode(raw, len);
--
2.7.4
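Review bot: The new `if (fd_list != NULL)` block uses only `returned_fds[0]` and never looks at `fd_len`, so when a peer attaches more than one descriptor the extras stay open in this process; `g_unix_fd_list_steal_fds()` hands ownership of every descriptor and of the array to the caller. GLib documents that call as never returning NULL (an empty list yields an array holding only -1), so the added `returned_fds == NULL` branch is unlikely to fire and `fd_len` is the value worth checking. I would close the unused entries right after the steal, `for (int i = 1; i < fd_len; i++) close(returned_fds[i]);`, and make sure `g_free(returned_fds)` and `close(fd)` happen on the two early-return paths, unless `__callback_info_free()` or code outside this hunk already does that. `fd > 0` also treats descriptor 0 as absent, so `fd >= 0` would match the -1 terminator more exactly. send_message's body starts and ends outside the hunk.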