From 2907c4fffb46f7d6cccdf96b243bd6d7f8831101 Mon Sep 17 00:00:00 2001 From: Radoslaw Cybulski Date: Tue, 12 Sep 2017 14:45:33 +0200 Subject: [PATCH] Fix crash, when dbus call in GetNeighbor fails Failed dbus call would cause a crash by trying to get an iterator to a reply message, which is null. This patch cleans up _atspi_dbus_call_partial function to always return NULL on failure and fixes NULL reply handling in atspi_accessible_get_neighbor and atspi_accessible_get_navigable_at_point functions. Change-Id: Ie02c656abe57b4bd5474a1765ac499b8f0ee143a --- atspi/atspi-accessible.c | 10 ++++++++-- atspi/atspi-misc.c | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/atspi/atspi-accessible.c b/atspi/atspi-accessible.c index 752001c..7e889e9 100644 --- a/atspi/atspi-accessible.c +++ b/atspi/atspi-accessible.c @@ -346,7 +346,12 @@ atspi_accessible_get_navigable_at_point (AtspiAccessible *root, g_return_val_if_fail (root != NULL, NULL); do { reply = _atspi_dbus_call_partial (root, atspi_interface_accessible, "GetNavigableAtPoint", error, "iiu", d_x, d_y, d_ctype); - + // call failed, error is set, so we bail out + if (!reply) { + if (deputy) g_object_unref(deputy); + if (return_value) g_object_unref(return_value); + return NULL; + } _ATSPI_DBUS_CHECK_SIG (reply, "(so)y(so)", NULL, NULL); dbus_message_iter_init (reply, &iter); @@ -616,6 +621,8 @@ atspi_accessible_get_neighbor (AtspiAccessible *root, while(1) { const char *path = are_objects_on_the_same_bus(root, start) ? root_path : ""; DBusMessage *reply = _atspi_dbus_call_partial (start, atspi_interface_accessible, "GetNeighbor", error, "sii", path, (int)direction, (int)search_mode); + // call failed, error is set, so we bail out + if (!reply) break; _ATSPI_DBUS_CHECK_SIG (reply, "(so)y", error, NULL); dbus_message_iter_init (reply, &iter); 
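Review bot: The cleanup added for a NULL reply in atspi_accessible_get_navigable_at_point is not matched by the `_ATSPI_DBUS_CHECK_SIG (reply, "(so)y(so)", NULL, NULL)` line that follows it. The macro body is not in this hunk, but if it returns early on an error-type reply or a signature mismatch, `deputy` and `return_value` keep their references on that path. Consider checking the reply explicitly inside the loop and sending every failure through one cleanup, for example `g_clear_object (&deputy); g_clear_object (&return_value);` before returning. The macro is also passed NULL rather than `error` here, so a rejected reply would presumably leave the caller's GError unset. The loop and the rest of the function continue outside the hunk.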
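Review bot: The new `if (!reply) break;` in atspi_accessible_get_neighbor leaves the loop without releasing `start`, whereas the "nothing found" exit visible in the @@ -684 hunk calls `g_object_unref(start)` before its `break`. If `start` holds a reference at this point (the loop head is outside the hunk), the failure path leaks one object reference per failed call; `if (!reply) { g_object_unref (start); break; }` would match the other exit. The `_ATSPI_DBUS_CHECK_SIG (reply, "(so)y", error, NULL)` on the next line appears able to return from inside the loop too. That would skip both this unref and the `children_root_stack` cleanup after the loop, so it is worth checking against the macro definition.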
@@ -684,7 +691,6 @@ atspi_accessible_get_neighbor (AtspiAccessible *root, // nothing found g_object_unref(start); - return_value = NULL; break; } while(!g_queue_is_empty(children_root_stack)) diff --git a/atspi/atspi-misc.c b/atspi/atspi-misc.c index 02eab8c..5895935 100644 --- a/atspi/atspi-misc.c +++ b/atspi/atspi-misc.c @@ -1153,6 +1153,7 @@ out: dbus_error_free (&err); if (reply) dbus_message_unref(reply); + return NULL; } else if (reply && dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR) { -- 2.7.4
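Review bot: The callers patched in atspi-accessible.c now carry the comment "call failed, error is set", but this branch in atspi-misc.c shows only `dbus_error_free (&err)` before the new `return NULL;`. Whether `*error` is populated is decided outside the hunk. The function's header comment should state the contract the callers rely on, e.g. `/* Returns a reply the caller must unref, or NULL with *error set when the call fails. */`, and every NULL-returning path should be checked against it. With the early return in place, the `else` in front of `if (reply && dbus_message_get_type(reply) == DBUS_MESSAGE_TYPE_ERROR)` is no longer needed.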