diff options
| author | Dan Williams <dcbw@redhat.com> | 2013-04-24 15:04:57 -0500 |
|---|---|---|
| committer | Dan Williams <dcbw@redhat.com> | 2013-04-25 09:18:53 -0500 |
| commit | 18bfefba2dba3f5c77cd971820646d84a85f9334 (patch) | |
| tree | f39a482c39a098fbbdc3f74c60d5674515dc7936 | |
| parent | cabf53179eb0c660ff3bdfb765645a3d0f88530d (diff) | |
| download | ModemManager-18bfefba2dba3f5c77cd971820646d84a85f9334.tar.gz | |
iface-modem: fix array insertion when setting bands
You can't g_array_insert_val() to an index that's beyond the end
of the array, which was happening if the user tried to set the
band list to "any":
mmcli -m 0 --set-bands=any
Just use g_array_append_val() instead.
==5618== Invalid read of size 2
==5618== at 0x4A0A158: memcpy@GLIBC_2.2.5 (mc_replace_strmem.c:881)
==5618== by 0x326201D8FB: g_array_insert_vals (string3.h:57)
==5618== by 0x442EFB: mm_iface_modem_set_bands (mm-iface-modem.c:1982)
==5618== by 0x44307E: handle_set_bands_auth_ready (mm-iface-modem.c:2100)
==5618== by 0x326386DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==5618== by 0x4358E3: authorize_ready (mm-base-modem.c:1300)
==5618== by 0x326386DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==5618== by 0x326386E0F8: complete_in_idle_cb (gsimpleasyncresult.c:787)
==5618== by 0x3262047A54: g_main_context_dispatch (gmain.c:2715)
==5618== by 0x3262047D87: g_main_context_iterate.isra.24 (gmain.c:3290)
==5618== by 0x3262048181: g_main_loop_run (gmain.c:3484)
==5618== by 0x426235: main (main.c:142)
==5618== Address 0x10a7ea74e is not stack'd, malloc'd or (recently) free'd
==5618==
==5618==
==5618== Process terminating with default action of signal 11 (SIGSEGV)
==5618== Access not within mapped region at address 0x10A7EA74E
==5618== at 0x4A0A158: memcpy@GLIBC_2.2.5 (mc_replace_strmem.c:881)
==5618== by 0x326201D8FB: g_array_insert_vals (string3.h:57)
==5618== by 0x442EFB: mm_iface_modem_set_bands (mm-iface-modem.c:1982)
==5618== by 0x44307E: handle_set_bands_auth_ready (mm-iface-modem.c:2100)
==5618== by 0x326386DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==5618== by 0x4358E3: authorize_ready (mm-base-modem.c:1300)
==5618== by 0x326386DFF6: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==5618== by 0x326386E0F8: complete_in_idle_cb (gsimpleasyncresult.c:787)
==5618== by 0x3262047A54: g_main_context_dispatch (gmain.c:2715)
==5618== by 0x3262047D87: g_main_context_iterate.isra.24 (gmain.c:3290)
==5618== by 0x3262048181: g_main_loop_run (gmain.c:3484)
==5618== by 0x426235: main (main.c:142)
| -rw-r--r-- | src/mm-iface-modem.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/mm-iface-modem.c b/src/mm-iface-modem.c index 703de0279..8eadc73b0 100644 --- a/src/mm-iface-modem.c +++ b/src/mm-iface-modem.c @@ -1976,8 +1976,7 @@ mm_iface_modem_set_bands (MMIfaceModem *self, FALSE, sizeof (MMModemBand), supported_bands_array->len); - - g_array_insert_val (ctx->bands_array, i, band); + g_array_append_val (ctx->bands_array, band); } } } |