Bug 12673 - [patch] fix possible crash in dbus_connection_send_with_reply
Summary: [patch] fix possible crash in dbus_connection_send_with_reply
Status: RESOLVED FIXED
Alias: None
Product: dbus
Classification: Unclassified
Component: core (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Havoc Pennington
QA Contact: John (J5) Palmieri
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-04 05:05 UTC by Kimmo Hämäläinen
Modified: 2008-01-15 12:24 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
proposed patch (473 bytes, patch)
2007-10-04 05:06 UTC, Kimmo Hämäläinen 		Details | Splinter Review
View All

Description Kimmo Hämäläinen 2007-10-04 05:05:51 UTC 
This crash would happen if NULL was passed as the pending_return argument and the connection was disconnected. I'll attach a patch.
Comment 1 Kimmo Hämäläinen 2007-10-04 05:06:40 UTC 
Created attachment 11897 [details] [review]
proposed patch
Comment 2 Havoc Pennington 2007-10-04 07:03:46 UTC 
Shouldn't it add an "if (pending_return)" instead of removing the assignment? (Was it already assigned to earlier in the code?)
Comment 3 Kimmo Hämäläinen 2007-10-04 23:22:14 UTC 
(In reply to comment #2)
> Shouldn't it add an "if (pending_return)" instead of removing the assignment?
> (Was it already assigned to earlier in the code?)

There is already a NULL assignment before that:

  if (pending_return)
    *pending_return = NULL;

  CONNECTION_LOCK (connection);

   if (!_dbus_connection_get_is_connected_unlocked (connection))
    {
      CONNECTION_UNLOCK (connection);

      *pending_return = NULL;

      return TRUE;
    }
Comment 4 John (J5) Palmieri 2008-01-15 12:24:48 UTC 
committed, thanks

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.