author | Aleksander Morgado <aleksander@lanedo.com> | 2012-09-11 16:31:14 +0200 |
---|---|---|
committer | Aleksander Morgado <aleksander@lanedo.com> | 2012-09-14 07:05:25 +0200 |
commit | 83ab63138cfbe7988e3462f66675a3f7261b381f (patch) | |
tree | a4dbb358abebe578c9b7471fff7758751546d815 | |
parent | 2871e3e821251245823d0e178c965a1ecbb5984a (diff) |
sms: fix double free when parsing PDUs
If we get an error when telling the SMS list to take the new PDU, the caller is
the one responsible for freeing the part, so avoid doing it twice.
Relevant valgrind log:
==7287== Invalid read of size 8
==7287== at 0x437CE1: mm_sms_part_free (mm-sms-part.c:344)
==7287== by 0x454D11: mm_iface_modem_messaging_take_part (mm-iface-modem-messaging.c:359)
==7287== by 0x461234: cds_received (mm-broadband-modem.c:4626)
==7287== by 0x48A305: parse_unsolicited (mm-at-serial-port.c:256)
==7287== by 0x48723D: parse_response (mm-serial-port.c:731)
==7287== by 0x48759B: data_available (mm-serial-port.c:801)
==7287== by 0x36ADC47694: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x36ADC479C7: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x36ADC47DC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x421398: main (main.c:150)
==7287== Address 0x9840b78 is 24 bytes inside a block of size 104 free'd
==7287== at 0x4A079AE: free (vg_replace_malloc.c:427)
==7287== by 0x36ADC4D37E: g_free (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x36ADC61CCE: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x437D5A: mm_sms_part_free (mm-sms-part.c:351)
==7287== by 0x36ADC449EC: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x36ADC44A0A: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287== by 0x43D8A1: finalize (mm-sms.c:1629)
==7287== by 0x36AE8145DA: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3200.4)
==7287== by 0x43CD52: mm_sms_singlepart_new (mm-sms.c:1376)
==7287== by 0x43E223: take_singlepart (mm-sms-list.c:236)
==7287== by 0x43E60D: mm_sms_list_take_part (mm-sms-list.c:338)
==7287== by 0x454CC7: mm_iface_modem_messaging_take_part (mm-iface-modem-messaging.c:353)
-rw-r--r-- | src/mm-sms.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/mm-sms.c b/src/mm-sms.c
index 3912810d..4a647b46 100644
--- a/src/mm-sms.c
+++ b/src/mm-sms.c
@@ -1372,9 +1372,12 @@ mm_sms_singlepart_new (MMBaseModem *modem,
 /* Keep the single part in the list */
 self->priv->parts = g_list_prepend (self->priv->parts, part);
- if (!assemble_sms (self, error))
+ if (!assemble_sms (self, error)) {
+ /* Note: we need to remove the part from the list, as we really didn't
+ * take it, and therefore the caller is responsible for freeing it. */
+ self->priv->parts = g_list_remove (self->priv->parts, part);
 g_clear_object (&self);
- else
+ } else
 /* Only export once properly created */
 mm_sms_export (self); |
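Review bot: The ownership rule this fix relies on is written down only inside the `assemble_sms` failure branch, so someone reading the header of `mm_sms_singlepart_new` still cannot tell whether `part` is consumed when the function returns NULL. I would state it on the function's own comment, for example `/* Takes ownership of @part only on success; on failure @part is left untouched and the caller must free it. */`. The valgrind trace in the commit message reaches this branch from `cds_received` via `parse_unsolicited`, meaning the failure path is driven by modem-supplied PDUs, so a regression test that feeds a part failing `assemble_sms` and runs under valgrind or ASan would keep the double free from returning. The function starts and ends outside this hunk, so whether any earlier failure return follows the same rule, or whether the multipart constructor has the same prepend-then-fail pattern, cannot be confirmed from here and is worth checking.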