• Simon McVittie's avatar
    dbus_message_iter_open_container: Don't leak signature on failure · c462a6b3
    Simon McVittie authored
    If we run out of memory while calling _dbus_type_writer_recurse()
    (which is impossible for most contained types, but can happen for
    structs and dict-entries), then the memory we allocated in the call to
    _dbus_message_iter_open_signature() will still be allocated, and we
    have to free it in order to return to the state of the world prior to
    calling open_container().
    
    One might reasonably worry that this change can break callers that use
    this (incorrect) pattern:
    
        if (!dbus_message_iter_open_container (outer, ..., inner))
          {
            dbus_message_iter_abandon_container (outer, inner);
            goto fail;
          }
        /* now we know inner is open, and we must close it later */
    
    However, testing that pattern with _dbus_test_oom_handling()
    demonstrates that it already dies with a DBusString assertion failure
    even before this commit.
    
    This is all concerningly fragile, and I think the next step should be
    to zero out DBusMessageIter instances when they are invalidated, so
    that a "double-free" is always detected.
    Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101568
    (cherry picked from commit 031aa2ce)
    c462a6b3
dbus-message.c 151 KB