In dbus_g_proxy_end_call_internal, if an error occurs such as a mismatch between the number of parameters in the client's argument list and arguments received over the wire, the function sets a GError and unwinds the argument list. However, there are two problems with the unwinding code:

1. It uses a variable named args_unwind which is not initialized anywhere.
2. It feeds all the user-supplied value pointers to g_free regardless of the actual type.
Created attachment 13446
fix the mentioned two issues

This patch should fix the mentioned problems. args_unwind is initialized properly. dbus-gvalue-utils.h now provides:

_dbus_gvalue_get (renamed from _dbus_gvalue_store)
_dbus_gvalue_set (renamed from _dbus_gvalue_set_from_pointer)
_dbus_gvalue_dup
_dbus_gvalue_take (original one renamed to _dbus_gvalue_take_cvalue)

following g_value_{get,set,dup,take} namings. The processed arguments are restored to GValue by _dbus_gvalue_take and g_value_unset'ed one by one.
Hi,

Thanks for the patch! It turns out there was another bug (and proposed patch) in bug #10834, which I just recently cleaned up and fixed. Looking at your patch, you had a very similar approach. However, you added some new functions and renamed others and I'm not entirely sure why. If you have a chance to look at the patch from "git show 43db9baa4cd0921d2ee830185ab46b4646b4e73b" please let me know if you see anything you fixed that I didn't.

Marking this bug as a dup.

*** This bug has been marked as a duplicate of bug 10834 ***
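An added illustration of the two unwinding problems from the report at the top of this thread, in plain C; it is not code from dbus-glib or from either patch. The ARG_* tags, end_call, release_out_arg and dup_str are hypothetical stand-ins for the GType-based code, malloc/free stand in for the GLib allocators, and the "reply" values are constructed.

```c
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins for GType tags (hypothetical; the real code works on GType/GValue). */
enum { ARG_END = 0, ARG_INT, ARG_STRING };

static char *dup_str(const char *s)
{
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

/* Release one already-filled out-argument according to its type. */
static void release_out_arg(int type, void *out)
{
    if (type == ARG_STRING) {      /* out is char **: we own the string stored there */
        free(*(char **)out);
        *(char **)out = NULL;
    }
    /* ARG_INT: out is the caller's own int, possibly on its stack; never free it. */
}

/* Fill (type, void *out) pairs, ended by ARG_END, from a constructed reply of
 * n_wire values. Returns 0, or -1 on a count mismatch after unwinding. */
int end_call(int n_wire, ...)
{
    va_list args, args_unwind;
    int filled = 0, type;
    va_start(args, n_wire);
    while ((type = va_arg(args, int)) != ARG_END) {
        void *out = va_arg(args, void *);
        if (filled == n_wire) goto mismatch;       /* client expects more than arrived */
        if (type == ARG_INT) *(int *)out = 7;
        else *(char **)out = dup_str("reply");
        filled++;
    }
    if (filled != n_wire) goto mismatch;           /* more arrived than client expects */
    va_end(args);
    return 0;
mismatch:
    va_end(args);
    va_start(args_unwind, n_wire);                 /* restart from the first argument */
    while (filled-- > 0) {                         /* only what was actually filled */
        type = va_arg(args_unwind, int);
        release_out_arg(type, va_arg(args_unwind, void *));
    }
    va_end(args_unwind);
    return -1;
}
```

Callers pass each out-pointer cast to void *, for example end_call(2, ARG_INT, (void *)&n, ARG_STRING, (void *)&s, ARG_END).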