From b5a87e214fa5cb5728bc145cedcedaa6d82bd493 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Barnab=C3=A1s=20P=C5=91cze?= Date: Sat, 22 Apr 2023 21:37:59 +0200 Subject: [PATCH] dbus_message_iter_get_signature: Fix two memory leaks on OOM MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Previously, `retstr` would not be freed when `_dbus_string_append_len()` or `_dbus_string_steal_data()` failed. Fix those by: * jumping to `_dbus_string_free()` when `_dbus_string_append_len()` fails * ignoring the return value of `_dbus_string_free()`. The latter works because in case of failure, `ret` will be set to NULL by `_dbus_string_steal_data()`. Signed-off-by: Barnabás Pőcze --- dbus/dbus-message.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c index d82e335eb..b47a8638d 100644 --- a/dbus/dbus-message.c +++ b/dbus/dbus-message.c @@ -2293,7 +2293,7 @@ dbus_message_iter_get_signature (DBusMessageIter *iter) { const DBusString *sig; DBusString retstr; - char *ret; + char *ret = NULL; int start, len; DBusMessageRealIter *real = (DBusMessageRealIter *)iter; @@ -2307,9 +2307,13 @@ dbus_message_iter_get_signature (DBusMessageIter *iter) if (!_dbus_string_append_len (&retstr, _dbus_string_get_const_data (sig) + start, len)) - return NULL; - if (!_dbus_string_steal_data (&retstr, &ret)) - return NULL; + goto oom; + + /* This is correct whether it succeeds or fails: on success it sets `ret`, + * and on failure it leaves `ret` set to NULL. */ + _dbus_string_steal_data (&retstr, &ret); + +oom: _dbus_string_free (&retstr); return ret; } -- 2.47.3