[glib/glib-2-34] GBytes: deal with a corner-case



commit 969dd0adf3893206320906369a133369f1dc4864
Author: Matthias Clasen <mclasen redhat com>
Date:   Tue Oct 16 21:07:13 2012 -0400

    GBytes: deal with a corner-case
    
    When calling g_bytes_unref_to_data on a GBytes with NULL data
    we could end up with double-free or use-after-free issues.
    https://bugzilla.gnome.org/show_bug.cgi?id=686091

 glib/gbytes.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/glib/gbytes.c b/glib/gbytes.c
index daf5642..93f74dd 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -390,7 +390,7 @@ try_steal_and_unref (GBytes         *bytes,
 {
   gpointer result;
 
-  if (bytes->free_func != free_func)
+  if (bytes->free_func != free_func || bytes->data == NULL)
     return NULL;
 
   /* Are we the only reference? */
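
Review bot: The new "bytes->data == NULL" test in the first if of try_steal_and_unref has no comment saying why NULL data is treated the same as a free_func mismatch. The function already uses a NULL return to mean "could not steal", so a stolen NULL pointer would look identical to failure to whoever calls it; a one-line comment above the condition stating that would keep the check from being dropped as redundant later. The diffstat shows only glib/gbytes.c changed, so a regression test that calls g_bytes_unref_to_data on a GBytes with NULL data would be worth adding alongside this fix.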


