From 0d2a9a79090a2d3bbe3f638018c473c4cc2f3b11 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Mon, 7 Aug 2017 19:49:17 +0100 Subject: [PATCH] lib/repo-finder: Avoid a potential unref-of-NULL crash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the comment explains, it’s possible for a result to be freed while ref_to_checksum is NULL, even though normally the data structure guarantees it’s non-NULL. This was causing crashes when results were filtered out of a find-remotes call. Guard against that. Signed-off-by: Philip Withnall Closes: #1058 Approved by: cgwalters
---
 src/libostree/ostree-repo-finder.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/libostree/ostree-repo-finder.c b/src/libostree/ostree-repo-finder.c
index 7893978d..1ddb2c62 100644
--- a/src/libostree/ostree-repo-finder.c
+++ b/src/libostree/ostree-repo-finder.c
@@ -550,7 +550,9 @@ ostree_repo_finder_result_free (OstreeRepoFinderResult *result)
 {
 g_return_if_fail (result != NULL);
- g_hash_table_unref (result->ref_to_checksum);
+ /* This may be NULL iff the result is freed half-way through find_remotes_cb()
+ * in ostree-repo-pull.c, and at no other time. */
+ g_clear_pointer (&result->ref_to_checksum, g_hash_table_unref);
 g_object_unref (result->finder);
 ostree_remote_unref (result->remote);
 g_free (result);
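Review bot: The new guard in ostree_repo_finder_result_free() covers only `ref_to_checksum`; the `g_object_unref (result->finder)` and `ostree_remote_unref (result->remote)` calls right after it still assume non-NULL members. Since this commit establishes that a result can be freed while only partly populated, it is worth confirming that those two members are always set by then and recording it in the comment, e.g. `/* Only ref_to_checksum may be NULL here (result freed part-way through find_remotes_cb()); finder and remote are always set. */`, assuming that holds. The comment ties this function to a single caller in ostree-repo-pull.c, so a regression test for the filtered-out-result path described in the commit message would stop the invariant drifting unnoticed. The function's closing brace lies outside the hunk, so anything after `g_free (result)` is not reviewed here.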