[maemo-commits] [maemo-commits] r14497 - in projects/haf/trunk/dbus/debian: . patches
From: subversion at stage.maemo.org subversion at stage.maemo.orgDate: Thu Oct 18 11:21:44 EEST 2007
- Previous message: [maemo-commits] r14496 - projects/haf/trunk/osso-app-killer/debian
- Next message: [maemo-commits] r14498 - in projects/haf/trunk/dbus/debian: . patches
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Author: kihamala
Date: 2007-10-18 11:21:40 +0300 (Thu, 18 Oct 2007)
New Revision: 14497
Added:
projects/haf/trunk/dbus/debian/patches/20-double-free-fix.patch
Modified:
projects/haf/trunk/dbus/debian/changelog
Log:
double free patch
Modified: projects/haf/trunk/dbus/debian/changelog
===================================================================
--- projects/haf/trunk/dbus/debian/changelog 2007-10-18 07:55:41 UTC (rev 14496)
+++ projects/haf/trunk/dbus/debian/changelog 2007-10-18 08:21:40 UTC (rev 14497)
@@ -3,8 +3,11 @@
* Added dbus-dbg package. Fixes: NB#70750
* Fixed a possible segfault in dbus_connection_send_with_reply when the
connection has been disconnected.
+ * Fixed a double free which could have happened after calling
+ _dbus_connection_close_if_only_one_ref. Discovered by statical code
+ analysis.
- -- Kimmo Hämäläinen <kimmo.hamalainen at nokia.com> Thu, 27 Sep 2007 12:40:47 +0300
+ -- Kimmo Hämäläinen <kimmo.hamalainen at nokia.com> Thu, 18 Oct 2007 11:21:11 +0300
dbus (1.0.2-0osso12) experimental; urgency=low
Added: projects/haf/trunk/dbus/debian/patches/20-double-free-fix.patch
===================================================================
--- projects/haf/trunk/dbus/debian/patches/20-double-free-fix.patch 2007-10-18 07:55:41 UTC (rev 14496)
+++ projects/haf/trunk/dbus/debian/patches/20-double-free-fix.patch 2007-10-18 08:21:40 UTC (rev 14497)
@@ -0,0 +1,76 @@
+diff -pur dbus-1.0.2/dbus/dbus-connection-internal.h dbus-1.0.2.new/dbus/dbus-connection-internal.h
+--- dbus-1.0.2/dbus/dbus-connection-internal.h 2006-12-11 21:21:14.000000000 +0200
++++ dbus-1.0.2.new/dbus/dbus-connection-internal.h 2007-10-18 11:09:43.798712808 +0300
+@@ -78,7 +78,7 @@ void _dbus_connection_do_it
+ unsigned int flags,
+ int timeout_milliseconds);
+ void _dbus_connection_close_possibly_shared (DBusConnection *connection);
+-void _dbus_connection_close_if_only_one_ref (DBusConnection *connection);
++dbus_bool_t _dbus_connection_close_if_only_one_ref (DBusConnection *connection);
+
+ DBusPendingCall* _dbus_pending_call_new (DBusConnection *connection,
+ int timeout_milliseconds,
+diff -pur dbus-1.0.2/dbus/dbus-connection.c dbus-1.0.2.new/dbus/dbus-connection.c
+--- dbus-1.0.2/dbus/dbus-connection.c 2006-12-11 21:21:08.000000000 +0200
++++ dbus-1.0.2.new/dbus/dbus-connection.c 2007-10-18 11:12:57.012339872 +0300
+@@ -2008,8 +2008,9 @@ _dbus_connection_send_and_unlock (DBusCo
+ * though, we could screw this up.
+ *
+ * @param connection the connection
++ * @returns #TRUE if the connection was closed
+ */
+-void
++dbus_bool_t
+ _dbus_connection_close_if_only_one_ref (DBusConnection *connection)
+ {
+ CONNECTION_LOCK (connection);
+@@ -2017,9 +2018,15 @@ _dbus_connection_close_if_only_one_ref (
+ _dbus_assert (connection->refcount.value > 0);
+
+ if (connection->refcount.value == 1)
+- _dbus_connection_close_possibly_shared_and_unlock (connection);
++ {
++ _dbus_connection_close_possibly_shared_and_unlock (connection);
++ return TRUE;
++ }
+ else
+- CONNECTION_UNLOCK (connection);
++ {
++ CONNECTION_UNLOCK (connection);
++ return FALSE;
++ }
+ }
+
+
+diff -pur dbus-1.0.2/dbus/dbus-server-debug-pipe.c dbus-1.0.2.new/dbus/dbus-server-debug-pipe.c
+--- dbus-1.0.2/dbus/dbus-server-debug-pipe.c 2006-12-11 21:21:06.000000000 +0200
++++ dbus-1.0.2.new/dbus/dbus-server-debug-pipe.c 2007-10-18 11:14:44.798953816 +0300
+@@ -317,8 +317,10 @@ _dbus_transport_debug_pipe_new (const ch
+ /* If no one grabbed a reference, the connection will die,
+ * and the client transport will get an immediate disconnect
+ */
+- _dbus_connection_close_if_only_one_ref (connection);
+- dbus_connection_unref (connection);
++ if (!_dbus_connection_close_if_only_one_ref (connection))
++ {
++ dbus_connection_unref (connection);
++ }
+
+ return client_transport;
+ }
+diff -pur dbus-1.0.2/dbus/dbus-server-socket.c dbus-1.0.2.new/dbus/dbus-server-socket.c
+--- dbus-1.0.2/dbus/dbus-server-socket.c 2006-12-11 21:21:06.000000000 +0200
++++ dbus-1.0.2.new/dbus/dbus-server-socket.c 2007-10-18 11:09:04.203732160 +0300
+@@ -136,8 +136,10 @@ handle_new_client_fd_and_unlock (DBusSer
+ dbus_server_unref (server);
+
+ /* If no one grabbed a reference, the connection will die. */
+- _dbus_connection_close_if_only_one_ref (connection);
+- dbus_connection_unref (connection);
++ if (!_dbus_connection_close_if_only_one_ref (connection))
++ {
++ dbus_connection_unref (connection);
++ }
+
+ return TRUE;
+ }
- Previous message: [maemo-commits] r14496 - projects/haf/trunk/osso-app-killer/debian
- Next message: [maemo-commits] r14498 - in projects/haf/trunk/dbus/debian: . patches
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]