c-e: fix bad unref causing heap corruption

The "mac-address" property implemented by a few NMSetting subclasses is
a string, not a boxed GByteArray.

Replace the g_byte_array_unref with a g_free. On a hunch, also check if
the returned string is empty instead of just NULL, which might be more
correct.

Using g_byte_array_unref on a string causes silent heap corruption,
resulting in a crash somewhere else in malloc_consolidate or similar.
For me, nm-connection-editor almost always crashed when opening or
closing the settings for an active bridge connection.

valgrind caught an invalid read done by g_array_unref, but neither gdb
nor "_MALLOC_CHECK=1 G_SLICE=always-malloc" was any help.

https://bugzilla.gnome.org/show_bug.cgi?id=777787

1 files changed, 5 insertions, 3 deletions

diff --git a/src/connection-editor/page-master.c b/src/connection-editor/page-master.c
index 42d97da0..e73c08f5 100644
--- a/src/connection-editor/page-master.c
+++ b/src/connection-editor/page-master.c
@@ -196,16 +196,18 @@ get_device_for_connection (NMClient *client, NMConnection *conn)
 	if (   !nm_setting_connection_get_interface_name (s_con)
 	       && !nm_connection_get_interface_name (conn)) {
 		NMSetting *s_hw;
-		GByteArray *mac_address;
+		gchar *mac_address;
 
 		s_hw = nm_connection_get_setting_by_name (conn, nm_setting_connection_get_connection_type (s_con));
 		if (!s_hw || !g_object_class_find_property (G_OBJECT_GET_CLASS (s_hw), "mac-address"))
 			return NULL;
 
 		g_object_get (G_OBJECT (s_hw), "mac-address", &mac_address, NULL);
-		if (!mac_address)
+		if (!mac_address || !mac_address[0]) {
+			g_free (mac_address);
 			return NULL;
-		g_byte_array_unref (mac_address);
+		}
+		g_free (mac_address);
 	}
 
 	/* OK, now find that device */