From: Philip Withnall Date: Mon, 7 Aug 2017 18:49:17 +0000 (+0100) Subject: lib/repo-finder: Avoid a potential unref-of-NULL crash X-Git-Tag: archive/raspbian/2022.1-3+rpi1~1^2~4^2~33^2~34 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/www.github.com/%22bookmarks:/?a=commitdiff_plain;h=0d2a9a79090a2d3bbe3f638018c473c4cc2f3b11;p=ostree.git lib/repo-finder: Avoid a potential unref-of-NULL crash As the comment explains, it’s possible for a result to be freed while ref_to_checksum is NULL, even though normally the data structure guarantees it’s non-NULL. This was causing crashes when results were filtered out of a find-remotes call. Guard against that. Signed-off-by: Philip Withnall Closes: #1058 Approved by: cgwalters --- diff --git a/src/libostree/ostree-repo-finder.c b/src/libostree/ostree-repo-finder.c index 7893978d..1ddb2c62 100644 --- a/src/libostree/ostree-repo-finder.c +++ b/src/libostree/ostree-repo-finder.c @@ -550,7 +550,9 @@ ostree_repo_finder_result_free (OstreeRepoFinderResult *result) { g_return_if_fail (result != NULL); - g_hash_table_unref (result->ref_to_checksum); + /* This may be NULL iff the result is freed half-way through find_remotes_cb() + * in ostree-repo-pull.c, and at no other time. */ + g_clear_pointer (&result->ref_to_checksum, g_hash_table_unref); g_object_unref (result->finder); ostree_remote_unref (result->remote); g_free (result);
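Review bot: The NULL guard in ostree_repo_finder_result_free() covers only result->ref_to_checksum, while the two lines that follow it, `g_object_unref (result->finder);` and `ostree_remote_unref (result->remote);`, still run unconditionally. Since the new comment establishes that a result can be freed while only partly populated by find_remotes_cb(), please confirm that finder and remote are always set before that point, and say so in the comment; if they are not guaranteed, clear them defensively in the same way. The comment also ties this function to one caller in another file (ostree-repo-pull.c), which will go stale if that caller changes, so consider documenting on the OstreeRepoFinderResult structure itself that ref_to_checksum may be NULL for a partially constructed result. A regression test that exercises a find-remotes call where results are filtered out, the case the commit message describes, would keep this from reappearing.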