From: Chengwei Yang <chengwei.yang@intel.com>
Date: Thu, 20 Jun 2013 09:24:04 +0000 (+0800)
Subject: DBusString: fix may crash if try to free an uninitialized str
X-Git-Tag: dbus-1.6.14~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8eb29fda102be3bd27b04a0b2d7f53a4dfb01f62;p=thirdparty%2Fdbus.git

DBusString: fix may crash if try to free an uninitialized str

If the str will be freed hasn't been initialized by _dbus_string_init
correctly, _dbus_string_free may crash due to trying to free an
undefined memory.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
---

diff --git a/dbus/dbus-string.c b/dbus/dbus-string.c
index e3766aad4..52eb0f233 100644
--- a/dbus/dbus-string.c
+++ b/dbus/dbus-string.c
@@ -246,6 +246,14 @@ _dbus_string_free (DBusString *str)
   
   if (real->constant)
     return;
+
+  /* so it's safe if @p str returned by a failed
+   * _dbus_string_init call
+   * Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959
+   */
+  if (real->str == NULL)
+    return;
+
   dbus_free (real->str - real->align_offset);
 
   real->invalid = TRUE;