[gssdp/gssdp_1.0] client: Crash due to dangling pointer



commit 7b1007a0bd9879915b72fabc8fd2a02176d0a6aa
Author: Jens Georg <mail jensge org>
Date:   Thu Jan 24 11:15:10 2019 +0100

    client: Crash due to dangling pointer
    
    After clearing the custom header list, priv->headers was left dangling,
    which would lead to a use-after-free access when sending the bye-bye
    messages on client destruction.
    
    Fixes #1

 libgssdp/gssdp-client.c |  1 +
 tests/test-regression.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
---
diff --git a/libgssdp/gssdp-client.c b/libgssdp/gssdp-client.c
index ec2ae5f..2e59e26 100644
--- a/libgssdp/gssdp-client.c
+++ b/libgssdp/gssdp-client.c
@@ -1030,6 +1030,7 @@ gssdp_client_clear_headers (GSSDPClient *client)
 
         g_list_free_full (client->priv->headers,
                           (GDestroyNotify) header_field_free);
+        priv->headers = NULL;
 }
 
 /**
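Review bot: The added `priv->headers = NULL;` goes through a bare `priv`, while the free two lines above it uses `client->priv->headers`. The start of gssdp_client_clear_headers is outside the hunk, so no local `priv` declaration is visible here. If this branch has no such local the line will not compile, and if it does, the two accesses should still be written the same way, e.g. `client->priv->headers = NULL;`. Resetting the pointer directly after `g_list_free_full` is the right place for it, because any later reader then sees an empty list instead of freed nodes.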
diff --git a/tests/test-regression.c b/tests/test-regression.c
index 52b4b7e..045ce11 100644
--- a/tests/test-regression.c
+++ b/tests/test-regression.c
@@ -368,6 +368,49 @@ static void test_bgo724030 (void)
  * ============================================================================
  */
 
+/* BEGIN Regression test
+ * https://gitlab.gnome.org/GNOME/gssdp/issues/1
+ * ============================================================================
+ *  - Check that sending a message after clearing the custom headers does not
+ *    crash
+ */
+
+static void test_ggo_1(void)
+{
+        GSSDPClient *dest;
+        GSSDPResourceGroup *group;
+        GMainLoop *loop;
+        GError *error = NULL;
+
+        loop = g_main_loop_new (NULL, FALSE);
+        dest = get_client (&error);
+        g_assert_nonnull (dest);
+        g_assert_null (error);
+        gssdp_client_append_header (dest, "Foo", "bar");
+
+        group = gssdp_resource_group_new (dest);
+        g_assert_nonnull (group);
+
+        gssdp_resource_group_add_resource_simple (group,
+                                                  USN,
+                                                  UUID_1"::"USN,
+                                                  "http://127.0.0.1:3456";);
+        gssdp_resource_group_set_max_age (group, 1);
+        gssdp_resource_group_set_available (group, TRUE);
+        g_timeout_add_seconds (2, quit_loop, loop);
+        g_main_loop_run (loop);
+
+        gssdp_client_clear_headers (dest);
+        g_object_unref (dest);
+        g_timeout_add_seconds (10, quit_loop, loop);
+        g_main_loop_run (loop);
+}
+
+/* END Regression test
+ * https://gitlab.gnome.org/GNOME/gssdp/issues/1
+ * ============================================================================
+ */
+
 
 int main (int argc, char *argv[])
 {
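Review bot: test_ggo_1 asserts nothing after `gssdp_client_clear_headers (dest)`, so it only catches the regression if the access to the freed list happens to fault. A use-after-free often reads stale but still mapped memory, so the test is reliable only when the suite runs under AddressSanitizer or valgrind, which is worth stating in the header comment. The test also never releases `group` or `loop`; adding `g_object_unref (group);` and `g_main_loop_unref (loop);` after the last `g_main_loop_run (loop)` would avoid leak reports from those same tools and, presumably, let the client be finalized so the bye-bye path named in the commit message is exercised. The `;` after the URL literal in the `gssdp_resource_group_add_resource_simple` call would not compile as shown and looks like a mail-archive rendering artifact rather than part of the commit.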
@@ -380,6 +423,7 @@ int main (int argc, char *argv[])
                g_test_add_func ("/bugs/gnome/673150", test_bgo673150);
                g_test_add_func ("/bugs/gnome/682099", test_bgo682099);
                g_test_add_func ("/bugs/gnome/724030", test_bgo724030);
+               g_test_add_func ("/bugs/ggo/1", test_ggo_1);
         }
 
         g_test_run ();

