From 32c37d084c15c9de4f01ed38a7eda7b8a26cf82a Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)"
Date: Thu, 17 Dec 2020 10:16:55 +0000
Subject: [PATCH] connman agent msg handling - be more clean to try avoid possible seg As this was reported with no reproduction method - like a "one off" I can't be sure this is it and fixes it, but looking for agent->msg and it becoming a wild crazy pointer. So either it was left there from long ago and has since been forgotten bhy asan and is thus wild, or .. memory was scribbled over with junk. in the latter case... who knows. in the former, this may fix that. @fix
---
 src/modules/connman/agent.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/modules/connman/agent.c b/src/modules/connman/agent.c
index fa188f969..e97da4fb6 100644
--- a/src/modules/connman/agent.c
+++ b/src/modules/connman/agent.c
@@ -137,6 +137,7 @@ _dialog_del_cb(void *data)
 // FIXME need to mark cs->pending_connect = NULL;
 eldbus_message_unref(agent->msg);
+ agent->msg = NULL;
 agent->dialog = NULL;
 }
@@ -396,10 +397,13 @@ _agent_request_input(const Eldbus_Service_Interface *iface,
 /* Discard previous requests */
 // if msg is the current agent msg? eek.
- if (agent->msg == msg) return NULL;
+ if (agent->msg == msg)
+ {
+ ERR("agent->msg == msg -> this should not be happening?");
+ return NULL;
+ }
- if (agent->msg)
- eldbus_message_unref(agent->msg);
+ if (agent->msg) eldbus_message_unref(agent->msg);
 agent->msg = eldbus_message_ref((Eldbus_Message *)msg);
 EINA_LIST_FOREACH(ctxt->instances, l, inst)
@@ -526,6 +530,9 @@ void
 econnman_agent_del(E_Connman_Agent *agent)
 {
 EINA_SAFETY_ON_NULL_RETURN(agent);
+ if (agent->msg) eldbus_message_unref(agent->msg);
+ agent->msg = NULL;
 eldbus_service_object_unregister(agent->iface);
+ agent->iface = NULL;
 free(agent);
 }
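Review bot: The `eldbus_message_unref(agent->msg);` in `_dialog_del_cb` stays unguarded, while the two other release sites this patch touches (`_agent_request_input` and `econnman_agent_del`) check `if (agent->msg)` first. Now that the pointer is reset to NULL after every release, this callback can plausibly run with `agent->msg == NULL`, and the unconditional call then depends on the callee tolerating NULL. Writing it as `if (agent->msg) eldbus_message_unref(agent->msg);` keeps the three sites consistent. The function starts above the hunk, so any earlier return path that releases or keeps `agent->msg` is not visible here and would need the same unref-then-NULL treatment.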
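Review bot: The `agent->msg == msg` branch in `_agent_request_input` returns NULL without touching `agent->msg` and, as far as the hunk shows, without sending a reply. If the match comes from a stale pointer whose address was reused (the case the commit message suspects), the agent keeps pointing at a message it holds no reference on and the request goes unanswered. Logging the pointer would make such a report triageable, e.g. `ERR("agent->msg == msg (%p) -> this should not be happening?", msg);`, and a comment above the branch should state why returning without a reply is acceptable. The function starts and ends outside the hunk, so whether a later path answers the caller cannot be confirmed from here.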
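Review bot: `agent->dialog` is not dealt with in `econnman_agent_del` before `free(agent)`, although `_dialog_del_cb` (first hunk) reads `agent->msg` and writes `agent->dialog`, presumably reaching the agent through its `data` argument. A dialog that outlives the agent would therefore touch freed memory when it is deleted. If the caller guarantees the dialog is already gone, record that above the free, e.g. `/* agent->dialog must already be gone: _dialog_del_cb dereferences agent */`; otherwise it should be closed here first. The `agent->msg = NULL;` and `agent->iface = NULL;` stores just before `free(agent)` have no lasting effect and may be dropped by the compiler, so they give no protection against a caller that keeps using the freed agent.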