Hi Thierry,
On Sun, Dec 04, 2011 at 07:43:47PM +0100, Thierry Boureille wrote:
> Fix null pointer dereferencing in free_session function.
> Adding null pointer check in debug and process_send_buffer functions
I'm usually suspicious of this kind of fix. Have you checked how we can
end up with e.g. debug() being called with a NULL argument? It seems like
there is a more fundamental issue here...
> @@ -137,13 +139,14 @@ static inline void debug(GWeb *web, const char *format,
> ...)
>
> static void free_session(struct web_session *session)
> {
> - GWeb *web = session->web;
> + GWeb *web;
>
> if (session == NULL)
> return;
>
> g_free(session->request);
>
> + web = session->web;
That fix is actually fine.
> if (session->resolv_action > 0)
> g_resolv_cancel_lookup(web->resolv, session->resolv_action);
>
> @@ -421,6 +424,9 @@ static inline void call_result_func(struct web_session
> *session, guint16 status)
> {
> gboolean result;
>
> + if (session == NULL)
> + return;
> +
> if (session->result_func == NULL)
> return;
>
> @@ -435,10 +441,14 @@ static inline void call_result_func(struct web_session
> *session, guint16 status)
>
> static gboolean process_send_buffer(struct web_session *session)
> {
> - GString *buf = session->send_buffer;
> + GString *buf;
> gsize count, bytes_written;
> GIOStatus status;
>
> + if (session == NULL)
> + return;
> +
> + buf = session->send_buffer;
> count = buf->len;
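Review bot: The guard added to process_send_buffer uses a bare `return;`, but the function is declared `static gboolean`, so the early exit yields no value. That is a constraint violation in C99 and later, compilers typically flag it under `-Wreturn-type`, and a caller that reads the result gets an indeterminate value. The guard should return an explicit value, presumably `return FALSE;` if callers treat that as "nothing more to send"; confirm this against the call sites, which are outside the quoted hunk. The body of process_send_buffer continues past the last quoted line.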
Same here.
Cheers,
Samuel.
--
Intel Open Source Technology Centre
http://oss.intel.com/