comparison libpurple/protocols/msn/slplink.c @ 30089:287fc4ac2bd9

Add and remove an extra ref per MsnMessage when saving it in a slpmsg, to fix a possible use-after-free from valgrind. Also, don't traverse slpmsg->msgs twice.
author Elliott Sales de Andrade <qulogic@pidgin.im>
date Mon, 24 May 2010 06:27:03 +0000
parents e432507151d1
children 3f7f469ee1d0 2bc54dfae627
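--- a/libpurple/protocols/msn/slplink.c
+++ b/libpurple/protocols/msn/slplink.c
@@ -320,11 +320,11 @@
 #ifdef MSN_DEBUG_SLP_FILES
 debug_msg_to_file(msg, TRUE);
 #endif
 
 slpmsg->msgs =
-g_list_append(slpmsg->msgs, msg);
+g_list_append(slpmsg->msgs, msn_message_ref(msg));
 msn_slplink_send_msg(slplink, msg);
 
 if ((slpmsg->flags == 0x20 || slpmsg->flags == 0x1000020 ||
 slpmsg->flags == 0x1000030) &&
 (slpmsg->slpcall != NULL))
@@ -379,10 +379,12 @@
 slpmsg->slpcall->cb(slpmsg->slpcall,
 NULL, 0);
 }
 }
 }
+
+msn_message_unref(msg);
 }
 
 /* We have received the message nak. */
 static void
 msg_nak(MsnMessage *msg, void *data)
@@ -392,10 +394,11 @@
 slpmsg = data;
 
 msn_slplink_send_msgpart(slpmsg->slplink, slpmsg);
 
 slpmsg->msgs = g_list_remove(slpmsg->msgs, msg);
+msn_message_unref(msg);
 }
 
 static void
 msn_slplink_release_slpmsg(MsnSlpLink *slplink, MsnSlpMessage *slpmsg)
 {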
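Review bot: The `msn_message_unref(msg);` added at new line 385 drops the reference that the `slpmsg->msgs` entry was given at line 325, but the visible tail of that function never takes `msg` out of the list, whereas `msg_nak` pairs `g_list_remove` with its unref. If nothing earlier in the function removes the entry, the list keeps a pointer it no longer holds a reference for, and a later walk of `slpmsg->msgs` could read or unref a freed MsnMessage, which is the class of bug this commit is meant to close. The function begins outside the hunk, so this needs confirming there; if the removal is missing, add `slpmsg->msgs = g_list_remove(slpmsg->msgs, msg);` directly before the unref. A short comment at the append site, `/* slpmsg->msgs holds its own ref on each queued msg */`, would make the ownership rule explicit for the next change.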