Mercurial > pidgin
diff libpurple/protocols/msn/slpmsg.c @ 30089:287fc4ac2bd9
Add and remove an extra ref per MsnMessage when saving it in a slpmsg, to
fix a possible use-after-free from valgrind. Also, don't traverse
slpmsg->msgs twice.
| author | Elliott Sales de Andrade <qulogic@pidgin.im> |
|---|---|
| date | Mon, 24 May 2010 06:27:03 +0000 |
| parents | 6aea98f6a5cd |
| children | a99b6dcdb60d |
line wrap: on
line diff
--- a/libpurple/protocols/msn/slpmsg.c Sun May 23 21:45:19 2010 +0000 +++ b/libpurple/protocols/msn/slpmsg.c Mon May 24 06:27:03 2010 +0000 @@ -67,7 +67,7 @@ if (slpmsg->img == NULL) g_free(slpmsg->buffer); - for (cur = slpmsg->msgs; cur != NULL; cur = cur->next) + for (cur = slpmsg->msgs; cur != NULL; cur = g_list_delete_link(cur, cur)) { /* Something is pointing to this slpmsg, so we should remove that * pointer to prevent a crash. */ @@ -78,8 +78,8 @@ msg->ack_cb = NULL; msg->nak_cb = NULL; msg->ack_data = NULL; + msn_message_unref(msg); } - g_list_free(slpmsg->msgs); slplink->slp_msgs = g_list_remove(slplink->slp_msgs, slpmsg);