lib/repo-finder: Avoid a potential unref-of-NULL crash
author Philip Withnall <withnall@endlessm.com>
Mon, 7 Aug 2017 18:49:17 +0000 (19:49 +0100)
committer Atomic Bot <atomic-devel@projectatomic.io>
Tue, 8 Aug 2017 13:59:58 +0000 (13:59 +0000)
As the comment explains, it’s possible for a result to be freed while
ref_to_checksum is NULL, even though normally the data structure
guarantees it’s non-NULL. This was causing crashes when results were
filtered out of a find-remotes call. Guard against that.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Closes: #1058
Approved by: cgwalters

src/libostree/ostree-repo-finder.c

index 7893978d406e31e20063d12d215a123fed066e60..1ddb2c62ac17244cd474ff7b5a66a098a3e41ea5 100644 (file)
@@ -550,7 +550,9 @@ ostree_repo_finder_result_free (OstreeRepoFinderResult *result)
 {
   g_return_if_fail (result != NULL);
 
-  g_hash_table_unref (result->ref_to_checksum);
+  /* This may be NULL iff the result is freed half-way through find_remotes_cb()
+   * in ostree-repo-pull.c, and at no other time. */
+  g_clear_pointer (&result->ref_to_checksum, g_hash_table_unref);
   g_object_unref (result->finder);
   ostree_remote_unref (result->remote);
   g_free (result);
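
Review bot: The comment added above the g_clear_pointer() line ties this function to an invariant that lives in another file (find_remotes_cb() in ostree-repo-pull.c), so nothing at that call site tells a future editor that ostree_repo_finder_result_free() has to tolerate a NULL ref_to_checksum. Consider a matching comment where the caller leaves the field NULL, or a note in the documentation of the struct member, so the two places stay in sync. The two calls that follow, g_object_unref (result->finder) and ostree_remote_unref (result->remote), are still unconditional; that is fine only if the half-way state never leaves those fields NULL, which is worth confirming since g_object_unref() on NULL logs a critical warning rather than passing silently. The diff as shown also carries no regression test for a find-remotes call whose results are filtered out, which is the crash path the commit message describes.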