From 5efa15b83f5c7b6a84b1cd92e90a4a820e0d280f Mon Sep 17 00:00:00 2001 From: Ben Chan Date: Tue, 20 Aug 2019 13:39:29 -0700 Subject: broadband-modem-mbim: fix potential dereference of null GByteArray ussd_decode() expects a non-null GByteArray while process_ussd_message() could potentially passes a null GByteArray to ussd_decode(). This patch fixes the issue by having process_ussd_message() always creates a GByteArray. --- src/mm-broadband-modem-mbim.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/mm-broadband-modem-mbim.c b/src/mm-broadband-modem-mbim.c index 19572b16..68313094 100644 --- a/src/mm-broadband-modem-mbim.c +++ b/src/mm-broadband-modem-mbim.c @@ -4469,7 +4469,7 @@ process_ussd_message (MMBroadbandModemMbim *self, { GTask *task = NULL; MMModem3gppUssdSessionState ussd_state = MM_MODEM_3GPP_USSD_SESSION_STATE_IDLE; - GByteArray *bytearray = NULL; + GByteArray *bytearray; gchar *converted = NULL; GError *error = NULL; @@ -4479,8 +4479,9 @@ process_ussd_message (MMBroadbandModemMbim *self, self->priv->pending_ussd_action = NULL; } - if (data_size) - bytearray = g_byte_array_append (g_byte_array_new (), data, data_size); + bytearray = g_byte_array_new (); + if (data && data_size) + bytearray = g_byte_array_append (bytearray, data, data_size); switch (ussd_response) { case MBIM_USSD_RESPONSE_NO_ACTION_REQUIRED: @@ -4537,8 +4538,7 @@ process_ussd_message (MMBroadbandModemMbim *self, mm_iface_modem_3gpp_ussd_update_state (MM_IFACE_MODEM_3GPP_USSD (self), ussd_state); - if (bytearray) - g_byte_array_unref (bytearray); + g_byte_array_unref (bytearray); /* Complete the pending action */ if (task) { -- cgit v1.2.3-70-g09d2