From 2aeae98b744befb8bc93c272aa89dad3d9581ffc Mon Sep 17 00:00:00 2001
From: Chengwei Yang <chengwei.yang@intel.com>
Date: Fri, 27 Sep 2013 14:39:40 +0800
Subject: [PATCH] Fix memory or unix fd may leak in
 dbus_message_iter_get_args_valist

This is an aged bug since 2009, so let's fix it. Say if a previous
parsing for unix fd or array of string successfully but then a later
element parsing fail, then the unix fd or array of string leaked.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=21259
---
 dbus/dbus-message.c |   17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c
index 20c8be3..58e4136 100644
--- a/dbus/dbus-message.c
+++ b/dbus/dbus-message.c
@@ -784,8 +784,6 @@ _dbus_message_iter_check (DBusMessageRealIter *iter)
  * dbus_message_get_args() is the place to go for complete
  * documentation.
  *
- * @todo This may leak memory and file descriptors if parsing fails. See #21259
- *
  * @see dbus_message_get_args
  * @param iter the message iter
  * @param error error to be filled in
@@ -802,6 +800,12 @@ _dbus_message_iter_get_args_valist (DBusMessageIter *iter,
   DBusMessageRealIter *real = (DBusMessageRealIter *)iter;
   int spec_type, msg_type, i;
   dbus_bool_t retval;
+  char ***str_array_p;
+  int n_elements;
+  char **str_array = NULL;
+#ifdef HAVE_UNIX_FD_PASSING
+  int *pfd = NULL, nfd;
+#endif
 
   _dbus_assert (_dbus_message_iter_check (real));
 
@@ -829,7 +833,6 @@ _dbus_message_iter_get_args_valist (DBusMessageIter *iter,
         {
 #ifdef HAVE_UNIX_FD_PASSING
           DBusBasicValue idx;
-          int *pfd, nfd;
 
           pfd = va_arg (var_args, int*);
           _dbus_assert(pfd);
@@ -906,10 +909,6 @@ _dbus_message_iter_get_args_valist (DBusMessageIter *iter,
             }
           else if (_DBUS_TYPE_IS_STRINGLIKE (spec_element_type))
             {
-              char ***str_array_p;
-              int n_elements;
-              char **str_array;
-
               str_array_p = va_arg (var_args, char***);
               n_elements_p = va_arg (var_args, int*);
 
@@ -996,6 +995,10 @@ _dbus_message_iter_get_args_valist (DBusMessageIter *iter,
   retval = TRUE;
 
  out:
+  if (pfd)
+    _dbus_close (*pfd);
+  if (str_array)
+    dbus_free_string_array (str_array);
 
   return retval;
 }
-- 
1.7.9.5