If we pass an invalid xml to sdp_xml_parse_record(), then it returns
NULL. Further we are passing the this NULL pointer to the
sdp_record_free(), which leads to invalid memory access.
---
plugins/service.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
diff --git a/plugins/service.c b/plugins/service.c
index d73cdea..14a5cb6 100644
--- a/plugins/service.c
+++ b/plugins/service.c
@@ -436,7 +436,6 @@ static DBusMessage *update_xml_record(DBusConnection *conn,
sdp_record = sdp_xml_parse_record(record, len);
if (!sdp_record) {
error("Parsing of XML service record failed");
- sdp_record_free(sdp_record);
return btd_error_failed(msg,
"Parsing of XML service record failed");
}
--
1.7.4.1
Hi Syam,
On Sun, Sep 18, 2011, Syam Sidhardhan wrote:
> If we pass an invalid xml to sdp_xml_parse_record(), then it returns
> NULL. Further we are passing the this NULL pointer to the
> sdp_record_free(), which leads to invalid memory access.
> ---
> plugins/service.c | 1 -
> 1 files changed, 0 insertions(+), 1 deletions(-)
Applied. Thanks.
Johan