From 08e673050a4e6b0eb8f4bbf1bbd68176340a54d7 Mon Sep 17 00:00:00 2001
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Date: Tue, 12 Aug 2014 15:11:29 +0300
Subject: gdbus: Fix crash when calling g_dbus_add_service_watch

If g_dbus_add_service_watch is called for service which bus name is
already known the following crash can happen:

invalid read of size 1
  at 0x4C2A2F2: strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  by 0x4E97722: g_strdup (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x405B0C: update_name_cache (watch.c:435)
  by 0x405C37: update_service (watch.c:593)
  by 0x4E7A2A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E7A627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E7AA39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4038EA: client_ready (test-gdbus-client.c:1014)
  by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x403614: main (test-gdbus-client.c:1058)
Address 0x5dbe5d0 is 0 bytes inside a block of size 7 free'd
  at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
  by 0x4E7FF7E: g_free (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x405B04: update_name_cache (watch.c:434)
  by 0x405C37: update_service (watch.c:593)
  by 0x4E7A2A5: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E7A627: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E7AA39: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4038EA: client_ready (test-gdbus-client.c:1014)
  by 0x4E9E5E0: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E9E7A5: ??? (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x4E9EB1A: g_test_run_suite (in /usr/lib64/libglib-2.0.so.0.3800.2)
  by 0x403614: main (test-gdbus-client.c:1058)
---
 gdbus/watch.c | 1 -
 1 file changed, 1 deletion(-)

(limited to 'gdbus')

diff --git a/gdbus/watch.c b/gdbus/watch.c
index 474d3d4c..2f5e8657 100644
--- a/gdbus/watch.c
+++ b/gdbus/watch.c
@@ -595,7 +595,6 @@ static gboolean update_service(void *user_data)
 	struct filter_callback *cb = data->callback;
 	DBusConnection *conn;
 
-	update_name_cache(data->name, data->owner);
 	conn = dbus_connection_ref(data->conn);
 	service_data_free(data);
 
-- 
cgit v1.2.3