From: Radoslaw Cybulski Date: Tue, 12 Sep 2017 12:45:33 +0000 (+0200) Subject: Fix crash, when dbus call in GetNeighbor fails X-Git-Tag: accepted/tizen/4.0/unified/20170921.073451^0 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fat-spi2-core.git;a=commitdiff_plain;h=2907c4fffb46f7d6cccdf96b243bd6d7f8831101 Fix crash, when dbus call in GetNeighbor fails Failed dbus call would cause a crash by trying to get an iterator to a reply message, which is null. This patch cleans up _atspi_dbus_call_partial function to always return NULL on failure and fixes NULL reply handling in atspi_accessible_get_neighbor and atspi_accessible_get_navigable_at_point functions. Change-Id: Ie02c656abe57b4bd5474a1765ac499b8f0ee143a --- diff --git a/atspi/atspi-accessible.c b/atspi/atspi-accessible.c index 752001c..7e889e9 100644 --- a/atspi/atspi-accessible.c +++ b/atspi/atspi-accessible.c @@ -346,7 +346,12 @@ atspi_accessible_get_navigable_at_point (AtspiAccessible *root, g_return_val_if_fail (root != NULL, NULL); do { reply = _atspi_dbus_call_partial (root, atspi_interface_accessible, "GetNavigableAtPoint", error, "iiu", d_x, d_y, d_ctype); - + // call failed, error is set, so we bail out + if (!reply) { + if (deputy) g_object_unref(deputy); + if (return_value) g_object_unref(return_value); + return NULL; + } _ATSPI_DBUS_CHECK_SIG (reply, "(so)y(so)", NULL, NULL); dbus_message_iter_init (reply, &iter); @@ -616,6 +621,8 @@ atspi_accessible_get_neighbor (AtspiAccessible *root, while(1) { const char *path = are_objects_on_the_same_bus(root, start) ? root_path : ""; DBusMessage *reply = _atspi_dbus_call_partial (start, atspi_interface_accessible, "GetNeighbor", error, "sii", path, (int)direction, (int)search_mode); + // call failed, error is set, so we bail out + if (!reply) break; _ATSPI_DBUS_CHECK_SIG (reply, "(so)y", error, NULL); dbus_message_iter_init (reply, &iter); 
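Review bot: The cleanup added for a NULL reply in atspi_accessible_get_navigable_at_point does not cover the `_ATSPI_DBUS_CHECK_SIG (reply, "(so)y(so)", NULL, NULL)` line directly after it. If that macro returns its fourth argument on an error-typed or wrongly-signed reply, as its arguments suggest, `deputy` and `return_value` are leaked on that path, and passing `NULL` instead of `error` as the third argument leaves the caller without a GError. The reply comes from another process on the accessibility bus, so a malformed reply deserves the same handling as a failed call: route both through one exit that does `g_clear_object (&deputy); g_clear_object (&return_value);` before returning NULL. The check in the atspi_accessible_get_neighbor hunk looks to have the same shape, since an early return there would skip the `children_root_stack` cleanup after the loop. The do-loop body continues outside this hunk.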
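Review bot: The added `if (!reply) break;` in atspi_accessible_get_neighbor leaves the loop without the `g_object_unref(start);` that the nothing-found exit further down performs before its own `break`. If `start` holds a reference at this point (the loop body between the two exits is not visible here), the failure path leaks it, and `if (!reply) { g_object_unref (start); break; }` would match the other exit. It is also worth confirming what `return_value` holds when this break is taken on a later iteration, because the function would then return it together with a set `error`.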
@@ -684,7 +691,6 @@ atspi_accessible_get_neighbor (AtspiAccessible *root, // nothing found g_object_unref(start); - return_value = NULL; break; } while(!g_queue_is_empty(children_root_stack)) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index 02eab8c..5895935 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c @@ -1153,6 +1153,7 @@ out: dbus_error_free (&err); if (reply) dbus_message_unref(reply); + return NULL; } else if (reply && dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR) {
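Review bot: The added `return NULL;` in the `out:` path of atspi-misc.c should carry a comment recording why it is needed, because the line above it has already released the message: `/* reply was unreffed above; never hand the stale pointer back to the caller */`. Without the early return the function would apparently go on to return a pointer to a message it no longer owns, which is worse than the NULL dereference named in the commit message. The `else if` branch for `DBUS_MESSAGE_TYPE_ERROR` replies starts on the last line of the hunk and is cut off, so whether it also returns NULL cannot be confirmed from here. A short contract comment on `_atspi_dbus_call_partial` (NULL with `error` set on failure, otherwise a reply the caller must unref) would let callers rely on it.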