gdbus: Fix invalid memory access during interface removal If an interface is removed from the root path during the same mainloop iteration that it was added we need to check for data->added before doing the check for data->parent == NULL in the remove_interface() function. Otherwise the added interface doesn't get removed from the data->added list and will result in accessing freed memory: ==337== Invalid read of size 8 ==337== at 0x4F65AFA: dbus_message_iter_append_basic (in /usr/lib64/libdbus-1.so.3.7.1) ==337== by 0x1247B5: append_interface (object.c:556) ==337== by 0x4C8DC5C: g_slist_foreach (gslist.c:840) ==337== by 0x1261F7: process_changes (object.c:594) ==337== by 0x126372: generic_unregister (object.c:997) ==337== by 0x4F69669: ??? (in /usr/lib64/libdbus-1.so.3.7.1) ==337== by 0x4F5CE51: dbus_connection_unregister_object_path (in /usr/lib64/libdbus-1.so.3.7.1) ==337== by 0x125E81: object_path_unref (object.c:1236) ==337== by 0x126136: g_dbus_unregister_interface (object.c:1361) ==337== by 0x14CDF0: service_exit (service.c:581) ==337== by 0x177556: plugin_cleanup (plugin.c:242) ==337== by 0x12221F: main (main.c:559) ==337== Address 0x5bc1550 is 0 bytes inside a block of size 56 free'd ==337== at 0x4A079AE: free (vg_replace_malloc.c:427) ==337== by 0x4C7850E: g_free (gmem.c:252) ==337== by 0x125DB0: remove_interface (object.c:671) ==337== by 0x125E3B: object_path_unref (object.c:1230) ==337== by 0x126136: g_dbus_unregister_interface (object.c:1361) ==337== by 0x14CDF0: service_exit (service.c:581) ==337== by 0x177556: plugin_cleanup (plugin.c:242) ==337== by 0x12221F: main (main.c:559)

Diffstat

1 files changed, 6 insertions(+), 6 deletions(-)