colin/ModemManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sms: fix double free when parsing PDUs

Browse Source 
If we get an error when telling the SMS list to take the new PDU, the caller is
the one responsible for freeing the part, so avoid doing it twice.

Relevant valgrind log:
==7287== Invalid read of size 8
==7287==    at 0x437CE1: mm_sms_part_free (mm-sms-part.c:344)
==7287==    by 0x454D11: mm_iface_modem_messaging_take_part (mm-iface-modem-messaging.c:359)
==7287==    by 0x461234: cds_received (mm-broadband-modem.c:4626)
==7287==    by 0x48A305: parse_unsolicited (mm-at-serial-port.c:256)
==7287==    by 0x48723D: parse_response (mm-serial-port.c:731)
==7287==    by 0x48759B: data_available (mm-serial-port.c:801)
==7287==    by 0x36ADC47694: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x36ADC479C7: ??? (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x36ADC47DC1: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x421398: main (main.c:150)
==7287==  Address 0x9840b78 is 24 bytes inside a block of size 104 free'd
==7287==    at 0x4A079AE: free (vg_replace_malloc.c:427)
==7287==    by 0x36ADC4D37E: g_free (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x36ADC61CCE: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x437D5A: mm_sms_part_free (mm-sms-part.c:351)
==7287==    by 0x36ADC449EC: g_list_foreach (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x36ADC44A0A: g_list_free_full (in /usr/lib64/libglib-2.0.so.0.3200.4)
==7287==    by 0x43D8A1: finalize (mm-sms.c:1629)
==7287==    by 0x36AE8145DA: g_object_unref (in /usr/lib64/libgobject-2.0.so.0.3200.4)
==7287==    by 0x43CD52: mm_sms_singlepart_new (mm-sms.c:1376)
==7287==    by 0x43E223: take_singlepart (mm-sms-list.c:236)
==7287==    by 0x43E60D: mm_sms_list_take_part (mm-sms-list.c:338)
==7287==    by 0x454CC7: mm_iface_modem_messaging_take_part (mm-iface-modem-messaging.c:353)
This commit is contained in:
Aleksander Morgado
2012-09-11 16:31:14 +02:00
parent 2871e3e821
commit 83ab63138c
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/mm-sms.c
View File

@@ -1372,9 +1372,12 @@ mm_sms_singlepart_new (MMBaseModem *modem,
/* Keep the single part in the list */ /* Keep the single part in the list */
self->priv->parts = g_list_prepend (self->priv->parts, part); self->priv->parts = g_list_prepend (self->priv->parts, part);
if (!assemble_sms (self, error)) if (!assemble_sms (self, error)) {
/* Note: we need to remove the part from the list, as we really didn't
* take it, and therefore the caller is responsible for freeing it. */
self->priv->parts = g_list_remove (self->priv->parts, part);
g_clear_object (&self); g_clear_object (&self);
else } else
/* Only export once properly created */ /* Only export once properly created */
mm_sms_export (self); mm_sms_export (self);