lib/repo-finder-avahi: Fix memory corruption of a GVariantIter

A GVariantIter* was being passed to a GVariant format string varargs, rather than a GVariantIter**. This resulted in memory corruption. So we can continue to reuse ref_map throughout the function, make it a GVariantIter* rather than a stack-allocated GVariantIter. Signed-off-by: Philip Withnall <withnall@endlessm.com> Closes: #1301 Approved by: cgwalters
author: Philip Withnall <withnall@endlessm.com> 2017-10-23 16:32:49 +0100
committer: Atomic Bot <atomic-devel@projectatomic.io> 2017-10-24 12:55:24 +0000
commit: 90680e1b29019c5b1b1210b4692877e2f3af1054 (patch)
tree: 920564a0d38d90e50d970deb1422bb5a978a2c56 /src/libostree/ostree-repo-finder-avahi.c
parent: ed15723cd1688a7f2c003c7cbc95be202166c33d (diff)
download: ostree-90680e1b29019c5b1b1210b4692877e2f3af1054.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/src/libostree/ostree-repo-finder-avahi.c b/src/libostree/ostree-repo-finder-avahi.c
index 0c88ad60..a2574712 100644
--- a/src/libostree/ostree-repo-finder-avahi.c
+++ b/src/libostree/ostree-repo-finder-avahi.c
@@ -466,7 +466,7 @@ fill_refs_and_checksums_from_summary (GVariant    *summary,
 {
   g_autoptr(GVariant) ref_map_v = NULL;
   g_autoptr(GVariant) additional_metadata_v = NULL;
-  GVariantIter ref_map;
+  g_autoptr(GVariantIter) ref_map = NULL;
   g_auto(GVariantDict) additional_metadata = OT_VARIANT_BUILDER_INITIALIZER;
   const gchar *collection_id;
   g_autoptr(GVariantIter) collection_map = NULL;
@@ -474,7 +474,7 @@ fill_refs_and_checksums_from_summary (GVariant    *summary,
   ref_map_v = g_variant_get_child_value (summary, 0);
   additional_metadata_v = g_variant_get_child_value (summary, 1);
 
-  g_variant_iter_init (&ref_map, ref_map_v);
+  ref_map = g_variant_iter_new (ref_map_v);
   g_variant_dict_init (&additional_metadata, additional_metadata_v);
 
   /* If the summary file specifies a collection ID (to apply to all the refs in its
@@ -485,10 +485,12 @@ fill_refs_and_checksums_from_summary (GVariant    *summary,
     {
       if (!ostree_validate_collection_id (collection_id, error))
         return FALSE;
-      if (!fill_refs_and_checksums_from_summary_map (&ref_map, collection_id, refs_and_checksums, error))
+      if (!fill_refs_and_checksums_from_summary_map (ref_map, collection_id, refs_and_checksums, error))
         return FALSE;
     }
 
+  g_clear_pointer (&ref_map, (GDestroyNotify) g_variant_iter_free);
+
   /* Repeat for the other collections listed in the summary. */
   if (g_variant_dict_lookup (&additional_metadata, OSTREE_SUMMARY_COLLECTION_MAP, "a{sa(s(taya{sv}))}", &collection_map))
     {
@@ -496,7 +498,7 @@ fill_refs_and_checksums_from_summary (GVariant    *summary,
         {
           if (!ostree_validate_collection_id (collection_id, error))
             return FALSE;
-          if (!fill_refs_and_checksums_from_summary_map (&ref_map, collection_id, refs_and_checksums, error))
+          if (!fill_refs_and_checksums_from_summary_map (ref_map, collection_id, refs_and_checksums, error))
             return FALSE;
         }
     }
author	Philip Withnall <withnall@endlessm.com>	2017-10-23 16:32:49 +0100
committer	Atomic Bot <atomic-devel@projectatomic.io>	2017-10-24 12:55:24 +0000
commit	90680e1b29019c5b1b1210b4692877e2f3af1054 (patch)
tree	920564a0d38d90e50d970deb1422bb5a978a2c56 /src/libostree/ostree-repo-finder-avahi.c
parent	ed15723cd1688a7f2c003c7cbc95be202166c33d (diff)
download	ostree-90680e1b29019c5b1b1210b4692877e2f3af1054.tar.gz