[glib] gio: Fix crash in open URI portal when no callback is provided

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib] gio: Fix crash in open URI portal when no callback is provided
Date: Mon, 7 Aug 2017 16:08:30 +0000 (UTC)
commit 05abc6cfce75c28a354fa69212d8e6f38ce4a8b9
Author: Philip Withnall <withnall endlessm com>
Date:   Fri Aug 4 13:46:46 2017 +0100

    gio: Fix crash in open URI portal when no callback is provided
    
    If no callback is provided, token is never set, but it’s then passed to
    g_variant_new_string(), which requires a non-NULL input.
    
    Fix that by moving all the option handling inside the (callback != NULL)
    case.
    
    Spotted by Coverity (CID #1378714).
    
    Signed-off-by: Philip Withnall <withnall endlessm com>
    
    https://bugzilla.gnome.org/show_bug.cgi?id=785817

 gio/gopenuriportal.c |   24 ++++++++++++++----------
 1 files changed, 14 insertions(+), 10 deletions(-)
---
diff --git a/gio/gopenuriportal.c b/gio/gopenuriportal.c
index da143a4..51a72df 100644
--- a/gio/gopenuriportal.c
+++ b/gio/gopenuriportal.c
@@ -251,10 +251,7 @@ g_openuri_portal_open_uri_async (const char          *uri,
   GDBusConnection *connection;
   GTask *task;
   GFile *file;
-  GVariantBuilder opt_builder;
-  char *token;
-  char *sender;
-  char *handle;
+  GVariant *opts = NULL;
   int i;
   guint signal_id;
 
@@ -270,6 +267,11 @@ g_openuri_portal_open_uri_async (const char          *uri,
 
   if (callback)
     {
+      GVariantBuilder opt_builder;
+      char *token;
+      char *sender;
+      char *handle;
+
       task = g_task_new (NULL, cancellable, callback, user_data);
 
       token = g_strdup_printf ("gio%d", g_random_int_range (0, G_MAXINT));
@@ -293,14 +295,16 @@ g_openuri_portal_open_uri_async (const char          *uri,
                                                       task,
                                                       NULL);
       g_object_set_data (G_OBJECT (task), "signal-id", GINT_TO_POINTER (signal_id));
+
+      g_variant_builder_init (&opt_builder, G_VARIANT_TYPE_VARDICT);
+      g_variant_builder_add (&opt_builder, "{sv}", "handle_token", g_variant_new_string (token));
+      g_free (token);
+
+      opts = g_variant_builder_end (&opt_builder);
     }
   else
     task = NULL;
 
-  g_variant_builder_init (&opt_builder, G_VARIANT_TYPE_VARDICT);
-  g_variant_builder_add (&opt_builder, "{sv}", "handle_token", g_variant_new_string (token));
-  g_free (token);
-
   file = g_file_new_for_uri (uri);
   if (g_file_is_native (file))
     {
@@ -332,7 +336,7 @@ g_openuri_portal_open_uri_async (const char          *uri,
       gxdp_open_uri_call_open_file (openuri,
                                     parent_window ? parent_window : "",
                                     g_variant_new ("h", fd_id),
-                                    g_variant_builder_end (&opt_builder),
+                                    opts,
                                     fd_list,
                                     cancellable,
                                     task ? open_call_done : NULL,
@@ -345,7 +349,7 @@ g_openuri_portal_open_uri_async (const char          *uri,
       gxdp_open_uri_call_open_uri (openuri,
                                    parent_window ? parent_window : "",
                                    uri,
-                                   g_variant_builder_end (&opt_builder),
+                                   opts,
                                    cancellable,
                                    task ? open_call_done : NULL,
                                    task);
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]