From 2501b347efac03bfb2fb5007784933fcf61e135e Mon Sep 17 00:00:00 2001 From: Arnav Singh Date: Sat, 15 Jun 2024 10:11:38 -0700 Subject: [PATCH] spa: bluez: fix crash when receiving signal from modemmanager 6e581deb9159fe12a14b3072a79b02bba87afa62 added an `spa_autoptr(DbusMessage) m` for the new message sent out when a signal is received from modemmanager. However this ended up shadowing the original `m` function arg, so the code that wanted to interrogate the original arg with `dbus_get_message_path` etc ended up interrogating this `NULL` value instead. This triggered a NULL-check in `dbus_get_message_path` and caused the process to abort. Original downstream report: https://gitlab.com/postmarketOS/pmaports/-/issues/2886 --- spa/plugins/bluez5/modemmanager.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/spa/plugins/bluez5/modemmanager.c b/spa/plugins/bluez5/modemmanager.c index f30876f5c..0ed3d46fe 100644 --- a/spa/plugins/bluez5/modemmanager.c +++ b/spa/plugins/bluez5/modemmanager.c @@ -570,7 +570,7 @@ static DBusHandlerResult mm_filter_cb(DBusConnection *bus, DBusMessage *m, void const char *path; struct call *call_object; const char *mm_call_interface = MM_DBUS_INTERFACE_CALL; - spa_autoptr(DBusMessage) m = NULL; + spa_autoptr(DBusMessage) m2 = NULL; if (!spa_streq(this->modem.path, dbus_message_get_path(m))) goto finish; @@ -590,12 +590,12 @@ static DBusHandlerResult mm_filter_cb(DBusConnection *bus, DBusMessage *m, void call_object->path = strdup(path); spa_list_append(&this->call_list, &call_object->link); - m = dbus_message_new_method_call(MM_DBUS_SERVICE, path, DBUS_INTERFACE_PROPERTIES, "GetAll"); - if (m == NULL) + m2 = dbus_message_new_method_call(MM_DBUS_SERVICE, path, DBUS_INTERFACE_PROPERTIES, "GetAll"); + if (m2 == NULL) goto finish; - dbus_message_append_args(m, DBUS_TYPE_STRING, &mm_call_interface, DBUS_TYPE_INVALID); + dbus_message_append_args(m2, DBUS_TYPE_STRING, &mm_call_interface, DBUS_TYPE_INVALID); - call_object->pending = send_with_reply(this->conn, m, mm_get_call_properties_reply, call_object); + call_object->pending = send_with_reply(this->conn, m2, mm_get_call_properties_reply, call_object); if (!call_object->pending) { spa_log_error(this->log, "dbus call failure"); goto finish;