From e8659679cd3f8a7f02446cccf8def92231f9fd09 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau
Date: Thu, 22 Nov 2012 19:04:48 +0100
Subject: [PATCH] Sanitize memory handling in cups_request_printer_list_cb gtk+ was trying to display already freed strings, leaking memory, ...I noticed this because I was getting weird blinking characters as the status of my cups printers, and valgrind confirmed something was wrong. https://bugzilla.gnome.org/show_bug.cgi?id=683072
---
 modules/printbackends/cups/gtkprintbackendcups.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/modules/printbackends/cups/gtkprintbackendcups.c b/modules/printbackends/cups/gtkprintbackendcups.c
index 3c28a849fd..2c4bee9f4a 100644
--- a/modules/printbackends/cups/gtkprintbackendcups.c
+++ b/modules/printbackends/cups/gtkprintbackendcups.c
@@ -1696,7 +1696,7 @@ typedef struct
 const gchar *member_uris;
 const gchar *location;
 const gchar *description;
- const gchar *state_msg;
+ gchar *state_msg;
 const gchar *reason_msg;
 PrinterStateLevel reason_level;
 gint state;
@@ -1732,7 +1732,7 @@ cups_printer_handle_attribute (GtkPrintBackendCups *cups_backend,
 else if (strcmp (ippGetName (attr), "printer-info") == 0)
 info->description = ippGetString (attr, 0, NULL);
 else if (strcmp (ippGetName (attr), "printer-state-message") == 0)
- info->state_msg = ippGetString (attr, 0, NULL);
+ info->state_msg = g_strdup (ippGetString (attr, 0, NULL));
 else if (strcmp (ippGetName (attr), "printer-state-reasons") == 0)
 /* Store most important reason to reason_msg and set its importance at printer_state_reason_level */
@@ -2130,8 +2130,8 @@ cups_request_printer_list_cb (GtkPrintBackendCups *cups_backend,
 if (tmp_msg2 != NULL)
 {
+ g_free (info->state_msg);
 info->state_msg = tmp_msg2;
- g_free (tmp_msg2);
 }
 }
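Review bot: `state_msg` is now the one string in PrinterSetupInfo that the struct owns, while its neighbours stay `const gchar *`, and nothing at the declaration says so. A field comment such as `/* owned copy; g_free() before the struct is released */` on `state_msg` would make the lifetime rule visible where the type is declared. It is also worth noting there that the `const` fields appear to be borrowed pointers; the next hunk shows `description` taken straight from `ippGetString`. The struct definition starts and ends outside this hunk.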
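Review bot: The assignment in the `printer-state-message` branch overwrites `info->state_msg` without releasing a previous copy, so a response that carries the attribute more than once for one printer would leak each earlier string. The response comes from the print server and should not be assumed well formed, so I would write the branch as `{ g_free (info->state_msg); info->state_msg = g_strdup (ippGetString (attr, 0, NULL)); }`. Note also that `g_strdup` returns NULL for a NULL argument, so `state_msg` can still be NULL after this branch. The function body continues outside the hunk.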
@@ -2159,14 +2159,18 @@ cups_request_printer_list_cb (GtkPrintBackendCups *cups_backend,
 if (info->reason_level >= GTK_PRINTER_STATE_LEVEL_WARNING)
 {
 if (strlen (info->state_msg) == 0)
- info->state_msg = reason_msg_desc;
+ {
+ g_free (info->state_msg);
+ info->state_msg = reason_msg_desc;
+ reason_msg_desc = NULL;
+ }
 else
 {
 gchar *tmp_msg = NULL;
 tmp_msg = g_strjoin (" ; ", info->state_msg, reason_msg_desc, NULL);
+ g_free (info->state_msg);
 info->state_msg = tmp_msg;
- g_free (tmp_msg);
 }
 }
 if (reason_msg_desc != NULL)
@@ -2195,6 +2199,7 @@ cups_request_printer_list_cb (GtkPrintBackendCups *cups_backend,
 /* The ref is held by GtkPrintBackend, in add_printer() */
 g_object_unref (printer);
+ g_free (info->state_msg);
 g_slice_free (PrinterSetupInfo, info);
 if (attr == NULL)
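Review bot: `strlen (info->state_msg)` is called with no NULL check in the lines shown, and `state_msg` is NULL whenever the attribute handler stored `g_strdup (NULL)` or, presumably, never saw a `printer-state-message` attribute at all. Unless a guard exists above this hunk, the test would be safer as `if (info->state_msg == NULL || info->state_msg[0] == '\0')`. `g_free (NULL)` is a no-op, so the new branch body already copes with that case, and routing NULL there keeps it out of the `g_strjoin` call, where a NULL first string would end the argument list early. The enclosing block starts outside the hunk.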
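Review bot: `g_free (info->state_msg)` is added only at this one release site, so any other path in the loop that frees or abandons `info` would leak the duplicated string; none is visible in this hunk, so this needs checking against the full function. Folding the two calls into one helper, e.g. `static void printer_setup_info_free (PrinterSetupInfo *info)` that does the `g_free` and then the `g_slice_free`, keeps the pair together and gives every exit path a single call to make. A one-line comment here saying that `state_msg` appears to be the only owned member would also explain why the other strings are not freed.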