On 03/08/17 06:53, Ben Chan wrote: > The following checks in mm_modem_firmware_select() and > mm_modem_firmware_select_sync() could result in a NULL pointer > dereference if `unique_id' is NULL: > > g_return_if_fail (unique_id != NULL || unique_id[0] == '\0') > g_return_val_if_fail (unique_id != NULL || unique_id[0] == '\0', FALSE) > > This patch fixes the checks to properly verify that `unique_id' is > neither NULL nor an empty string. > ---
Pushed to git master, mm-1-6, mm-1-4 and mm-1-2, thanks! > libmm-glib/mm-modem-firmware.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libmm-glib/mm-modem-firmware.c b/libmm-glib/mm-modem-firmware.c > index 0bc6c6bd..734b8959 100644 > --- a/libmm-glib/mm-modem-firmware.c > +++ b/libmm-glib/mm-modem-firmware.c > @@ -128,7 +128,7 @@ mm_modem_firmware_select (MMModemFirmware *self, > gpointer user_data) > { > g_return_if_fail (MM_IS_MODEM_FIRMWARE (self)); > - g_return_if_fail (unique_id != NULL || unique_id[0] == '\0'); > + g_return_if_fail (unique_id != NULL && unique_id[0] != '\0'); > > mm_gdbus_modem_firmware_call_select (MM_GDBUS_MODEM_FIRMWARE (self), > unique_id, cancellable, callback, user_data); > } > @@ -157,7 +157,7 @@ mm_modem_firmware_select_sync (MMModemFirmware *self, > GError **error) > { > g_return_val_if_fail (MM_IS_MODEM_FIRMWARE (self), FALSE); > - g_return_val_if_fail (unique_id != NULL || unique_id[0] == '\0', FALSE); > + g_return_val_if_fail (unique_id != NULL && unique_id[0] != '\0', FALSE); > > return mm_gdbus_modem_firmware_call_select_sync (MM_GDBUS_MODEM_FIRMWARE > (self), unique_id, cancellable, error); > } > -- Aleksander https://aleksander.es _______________________________________________ ModemManager-devel mailing list ModemManager-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/modemmanager-devel