Failed dbus call would cause a crash by trying to get an iterator
to a reply message, which is null. This patch cleans up
_atspi_dbus_call_partial function to always return NULL on failure
and fixes NULL reply handling in atspi_accessible_get_neighbor and
atspi_accessible_get_navigable_at_point functions.
Change-Id: Ie158a79f8f1452c9a5685137c9b42104563dc717
g_return_val_if_fail (root != NULL, NULL);
do {
reply = _atspi_dbus_call_partial (root, atspi_interface_accessible, "GetNavigableAtPoint", error, "iiu", d_x, d_y, d_ctype);
g_return_val_if_fail (root != NULL, NULL);
do {
reply = _atspi_dbus_call_partial (root, atspi_interface_accessible, "GetNavigableAtPoint", error, "iiu", d_x, d_y, d_ctype);
+ // call failed, error is set, so we bail out
+ if (!reply) {
+ if (deputy) g_object_unref(deputy);
+ if (return_value) g_object_unref(return_value);
+ return NULL;
+ }
_ATSPI_DBUS_CHECK_SIG (reply, "(so)y(so)", NULL, NULL);
dbus_message_iter_init (reply, &iter);
_ATSPI_DBUS_CHECK_SIG (reply, "(so)y(so)", NULL, NULL);
dbus_message_iter_init (reply, &iter);
while(1) {
const char *path = are_objects_on_the_same_bus(root, start) ? root_path : "";
DBusMessage *reply = _atspi_dbus_call_partial (start, atspi_interface_accessible, "GetNeighbor", error, "sii", path, (int)direction, (int)search_mode);
while(1) {
const char *path = are_objects_on_the_same_bus(root, start) ? root_path : "";
DBusMessage *reply = _atspi_dbus_call_partial (start, atspi_interface_accessible, "GetNeighbor", error, "sii", path, (int)direction, (int)search_mode);
+ // call failed, error is set, so we bail out
+ if (!reply) break;
_ATSPI_DBUS_CHECK_SIG (reply, "(so)y", error, NULL);
dbus_message_iter_init (reply, &iter);
_ATSPI_DBUS_CHECK_SIG (reply, "(so)y", error, NULL);
dbus_message_iter_init (reply, &iter);
// nothing found
g_object_unref(start);
// nothing found
g_object_unref(start);
break;
}
while(!g_queue_is_empty(children_root_stack))
break;
}
while(!g_queue_is_empty(children_root_stack))
dbus_error_free (&err);
if (reply)
dbus_message_unref(reply);
dbus_error_free (&err);
if (reply)
dbus_message_unref(reply);
}
else if (reply && dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR)
{
}
else if (reply && dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR)
{