aboutsummaryrefslogtreecommitdiff
path: root/src/mm-iface-modem-3gpp-profile-manager.c
diff options
context:
space:
mode:
authorLubomir Rintel <lkundrak@v3.sk>2021-10-01 16:13:42 +0200
committerAleksander Morgado <aleksander@aleksander.es>2021-10-03 13:36:54 +0000
commit90ea3ef5db2bc5846dcb3382a15ec95ce366e04a (patch)
tree407dcd443bfe21987372b910664225f47e03c270 /src/mm-iface-modem-3gpp-profile-manager.c
parente3d108de0f3f5d2ac32b3ad09ec0dae8fb5fc2e5 (diff)
iface-modem-3gpp-profile-manager: correct a GError instance ownership
The call to g_task_return_error() takes ownership of the GError passed to it; we must not free it ourselves upon automatic pointer cleanup. Otherwise a crash can be triggered in the error handling path: ModemManager[259816]: <debug> [1633088468.157848] [modem0/modemu/at] <-- '<CR><LF>OK<CR><LF>' ModemManager[259816]: <debug> [1633088468.159832] [modem0] stored profile with id '1' ModemManager[259816]: <debug> [1633088468.160501] [modem0] set profile state (7/8): list after ModemManager[259816]: <debug> [1633088468.161686] [modem0/modemu/at] device open count is 3 (open) ModemManager[259816]: <debug> [1633088468.162320] [modem0/modemu/at] device open count is 2 (close) ModemManager[259816]: <debug> [1633088468.162746] [modem0/modemu/at] --> 'AT+CGDCONT?<CR>' ModemManager[259816]: <debug> [1633088468.177437] [modem0/modemu/at] <-- '<CR><LF>ERROR<CR><LF>' ModemManager[259816]: <debug> [1633088468.178011] [modem0/modemu/at] operation failure: 100 (Unknown error) ModemManager[259816]: <warn> [1633088468.182420] [modem0/bearer0] connection attempt #1 failed: Couldn't validate update of profile '1': Unknown error ModemManager[259816]: <info> [1633088468.193156] [modem0/bearer0] connection #1 finished: duration 0s, tx: 0 bytes, rx: 0 bytes ModemManager[259816]: <debug> [1633088468.194280] [modem0] couldn't connect bearer: Couldn't validate update of profile '1': Unknown error ==259816== Invalid read of size 4 ==259816== at 0x4FF66CF: UnknownInlinedFun (gerror.c:535) ==259816== by 0x4FF66CF: g_error_free (gerror.c:832) ==259816== by 0x1A7F49: UnknownInlinedFun (glib-autocleanups.h:52) ==259816== by 0x1A7F49: UnknownInlinedFun (glib-autocleanups.h:52) ==259816== by 0x1A7F49: profile_manager_get_profile_after_ready (mm-iface-modem-3gpp-profile-manager.c:140) ==259816== by 0x4E342C9: g_task_return_now (gtask.c:1219) ==259816== by 0x4E344CA: UnknownInlinedFun (gtask.c:1289) ==259816== by 0x4E344CA: g_task_return (gtask.c:1245) ==259816== by 0x1A867C: get_profile_list_ready (mm-iface-modem-3gpp-profile-manager.c:680) ==259816== by 0x4E342C9: g_task_return_now (gtask.c:1219) ==259816== by 0x4E344CA: UnknownInlinedFun (gtask.c:1289) ==259816== by 0x4E344CA: g_task_return (gtask.c:1245) ==259816== by 0x1A3DB5: internal_list_profiles_ready (mm-iface-modem-3gpp-profile-manager.c:774) ==259816== by 0x4E342C9: g_task_return_now (gtask.c:1219) ==259816== by 0x4E344CA: UnknownInlinedFun (gtask.c:1289) ==259816== by 0x4E344CA: g_task_return (gtask.c:1245) ==259816== by 0x1D7B8B: profile_manager_cgdcont_query_ready (mm-broadband-modem.c:10240) ==259816== by 0x4E1DB61: g_simple_async_result_complete (gsimpleasyncresult.c:802) ==259816== Address 0x9286da0 is 0 bytes inside a block of size 16 free'd ==259816== at 0x48440E4: free (vg_replace_malloc.c:755) ==259816== by 0x500FD1C: g_free (gmem.c:199) ==259816== by 0x502A22F: g_slice_free1 (gslice.c:1180) ==259816== by 0x4FF6780: g_error_free (gerror.c:864) ==259816== by 0x1B22D2: connect_bearer_ready (mm-iface-modem-simple.c:286) ==259816== by 0x4E342C9: g_task_return_now (gtask.c:1219) ==259816== by 0x4E344CA: UnknownInlinedFun (gtask.c:1289) ==259816== by 0x4E344CA: g_task_return (gtask.c:1245) ==259816== by 0x18031A: connect_ready (mm-base-bearer.c:917) ==259816== by 0x4E342C9: g_task_return_now (gtask.c:1219) ==259816== by 0x4E344CA: UnknownInlinedFun (gtask.c:1289) ==259816== by 0x4E344CA: g_task_return (gtask.c:1245) ==259816== by 0x18329B: connect_3gpp_ready (mm-broadband-bearer.c:918) ==259816== by 0x4E342C9: g_task_return_now (gtask.c:1219) ==259816== Block was alloc'd at ==259816== at 0x484186F: malloc (vg_replace_malloc.c:380) ==259816== by 0x5013408: g_malloc (gmem.c:106) ==259816== by 0x502ACB4: g_slice_alloc (gslice.c:1069) ==259816== by 0x502B33D: g_slice_alloc0 (gslice.c:1095) ==259816== by 0x4FF64E6: g_error_allocate (gerror.c:702) ==259816== by 0x4FF6F03: UnknownInlinedFun (gerror.c:716) ==259816== by 0x4FF6F03: g_error_copy (gerror.c:886) ==259816== by 0x4E1D0A0: g_simple_async_result_set_from_error (gsimpleasyncresult.c:676) ==259816== by 0x236AAB: port_serial_got_response (mm-port-serial.c:744) ==259816== by 0x23B0F1: UnknownInlinedFun (mm-port-serial.c:934) ==259816== by 0x23B0F1: common_input_available (mm-port-serial.c:1035) ==259816== by 0x500AF9E: UnknownInlinedFun (gmain.c:3337) ==259816== by 0x500AF9E: g_main_context_dispatch (gmain.c:4055) ==259816== by 0x505F607: g_main_context_iterate.constprop.0 (gmain.c:4131) ==259816== by 0x500A562: g_main_loop_run (gmain.c:4329)
Diffstat (limited to 'src/mm-iface-modem-3gpp-profile-manager.c')
-rw-r--r--src/mm-iface-modem-3gpp-profile-manager.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/mm-iface-modem-3gpp-profile-manager.c b/src/mm-iface-modem-3gpp-profile-manager.c
index d6eb81c6..088bc6c5 100644
--- a/src/mm-iface-modem-3gpp-profile-manager.c
+++ b/src/mm-iface-modem-3gpp-profile-manager.c
@@ -137,7 +137,7 @@ profile_manager_get_profile_after_ready (MMIfaceModem3gppProfileManager *self,
GTask *task)
{
SetProfileContext *ctx;
- g_autoptr(GError) error = NULL;
+ GError *error = NULL;
ctx = g_task_get_task_data (task);
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-06-07 09:21:00 +0000