diff options
| author | Hyunho Kang <hhstark.kang@samsung.com> | 2016-06-08 17:23:25 +0900 |
|---|---|---|
| committer | Hyunho Kang <hhstark.kang@samsung.com> | 2016-06-08 17:27:46 +0900 |
| commit | ecd21d0d7d4cdebb1057b2a409863d63cd980525 (patch) | |
| tree | e6b1f9dd14cb93f3eb9b17bb99591556fea7a540 | |
| parent | 509f3de18992c7d765d9802ccea8a961a8e8bc6f (diff) | |
| download | message-port-accepted/tizen/wearable/20160609.090136.tar.gz message-port-accepted/tizen/wearable/20160609.090136.tar.bz2 message-port-accepted/tizen/wearable/20160609.090136.zip | |
Fix null pointer dereferencesubmit/tizen/20160608.045259accepted/tizen/wearable/20160609.090136accepted/tizen/tv/20160609.090221accepted/tizen/mobile/20160609.090117accepted/tizen/ivi/20160609.090147
- self send logic is not send fd list and it cause null pointer dereference
Change-Id: Ib3b46504a8d9bb64017b616ad99fb3a324d485e4
Signed-off-by: Hyunho Kang <hhstark.kang@samsung.com>
| -rwxr-xr-x | src/message-port.c | 39 |
1 files changed, 24 insertions, 15 deletions
diff --git a/src/message-port.c b/src/message-port.c index ad80968..0e37dd8 100755 --- a/src/message-port.c +++ b/src/message-port.c @@ -780,27 +780,36 @@ static bool send_message(GVariant *parameters, GDBusMethodInvocation *invocation msg = g_dbus_method_invocation_get_message(invocation); fd_list = g_dbus_message_get_unix_fd_list(msg); - returned_fds = g_unix_fd_list_steal_fds(fd_list, &fd_len); - fd = returned_fds[0]; - LOGI("g_unix_fd_list_get %d fd: [%d]", fd_len, fd); - if (fd > 0) { - - callback_info->gio_read = g_io_channel_unix_new(fd); - if (!callback_info->gio_read) { - _LOGE("Error is %s\n", strerror_r(errno, buf, sizeof(buf))); + /* When application send message to self fd_list is NULL */ + if (fd_list != NULL) { + returned_fds = g_unix_fd_list_steal_fds(fd_list, &fd_len); + if (returned_fds == NULL) { + _LOGE("fail to get fds"); __callback_info_free(callback_info); return -1; } + fd = returned_fds[0]; - callback_info->g_src_id = g_io_add_watch(callback_info->gio_read, G_IO_IN | G_IO_HUP, - __socket_request_handler, (gpointer)callback_info); - if (callback_info->g_src_id == 0) { - _LOGE("fail to add watch on socket"); - __callback_info_free(callback_info); - return -1; - } + LOGI("g_unix_fd_list_get %d fd: [%d]", fd_len, fd); + if (fd > 0) { + callback_info->gio_read = g_io_channel_unix_new(fd); + if (!callback_info->gio_read) { + _LOGE("Error is %s\n", strerror_r(errno, buf, sizeof(buf))); + __callback_info_free(callback_info); + return -1; + } + + callback_info->g_src_id = g_io_add_watch(callback_info->gio_read, G_IO_IN | G_IO_HUP, + __socket_request_handler, (gpointer)callback_info); + if (callback_info->g_src_id == 0) { + _LOGE("fail to add watch on socket"); + __callback_info_free(callback_info); + return -1; + } + + } } data = bundle_decode(raw, len); |