diff options
author | U. Artie Eoff <ullysses.a.eoff@intel.com> | 2014-05-05 16:28:26 -0700 |
---|---|---|
committer | Kristian Høgsberg <krh@bitplanet.net> | 2014-05-06 15:00:31 -0700 |
commit | 0f23b73a0641461884a9a8d626ce087d76406840 (patch) | |
tree | 46305d7efc29b6ba1428f878bb93fcdaf3cef5b0 | |
parent | b41ded812dfd23917300b1927d06299d66368d03 (diff) |
server: fix potential memleak and NULL deref
If for some reason that errno is neither value (ENOMEM or
EINVAL), then prior to this patch, there would be a NULL
deref in wl_closure_lookup(...) at the "else if" conditional
when closure == NULL. Also, closure might not be NULL but still
fall into the block due to the wl_closure_lookup < 0 condition...
in that case, we need to destroy the closure to avoid a memory
leak.
Currently, wl_connection_demarshal only sets errno to ENOMEM
or EINVAL... we've already checked for ENOMEM so remove check
for EINVAL (just assume it). Also, call wl_closure_destroy(...)
unconditionally in the "else if" block (assume it can handle
NULL closure, too, which it does right now).
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
-rw-r--r-- | src/wayland-server.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/wayland-server.c b/src/wayland-server.c index f2b1b42..e850d48 100644 --- a/src/wayland-server.c +++ b/src/wayland-server.c @@ -313,7 +313,7 @@ wl_client_connection_data(int fd, uint32_t mask, void *data) if (closure == NULL && errno == ENOMEM) { wl_resource_post_no_memory(resource); break; - } else if ((closure == NULL && errno == EINVAL) || + } else if (closure == NULL || wl_closure_lookup_objects(closure, &client->objects) < 0) { wl_resource_post_error(client->display_resource, WL_DISPLAY_ERROR_INVALID_METHOD, @@ -321,6 +321,7 @@ wl_client_connection_data(int fd, uint32_t mask, void *data) object->interface->name, object->id, message->name); + wl_closure_destroy(closure); break; } |