bus: fix memleak on invalid message
Introduced in 6d586a1371
.
Reported by Felix Riemann in https://bugzilla.redhat.com/show_bug.cgi?id=1685286.
Reproducer:
for i in `seq 1 100`; do gdbus call --session -d org.freedesktop.systemd1 -m org.freedesktop.systemd1.Manager.StartUnit -o "/$(for x in `seq 0 28000`; do echo -n $x; done)" & done
This commit is contained in:
parent
ebcf697685
commit
3dec520197
|
@ -1132,13 +1132,15 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
|
|||
bus->fds, bus->n_fds,
|
||||
NULL,
|
||||
&t);
|
||||
if (r == -EBADMSG)
|
||||
if (r == -EBADMSG) {
|
||||
log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
|
||||
else if (r < 0) {
|
||||
free(bus->rbuffer); /* We want to drop current rbuffer and proceed with whatever remains in b */
|
||||
} else if (r < 0) {
|
||||
free(b);
|
||||
return r;
|
||||
}
|
||||
|
||||
/* rbuffer ownership was either transferred to t, or we got EBADMSG and dropped it. */
|
||||
bus->rbuffer = b;
|
||||
bus->rbuffer_size -= size;
|
||||
|
||||
|
|
Loading…
Reference in a new issue