fpcmoc: fix use-after free in multiple callbacks

Drop if statement that retrieves internal ssm->error.
"error" is already a copy of ssm->error, so it makes no sense to return the
internal one, which will be freed when the ssm is marked as done.

Fixes #526
Vasily Khoruzhick
2023-01-04 23:35:33 -08:00
parent db2fa81358
commit 62818b9407


@@ -1149,12 +1149,9 @@ fpc_enroll_ssm_done (FpiSsm *ssm, FpDevice *dev, GError *error)
fp_info ("Enrollment complete!");
if (fpi_ssm_get_error (ssm))
error = fpi_ssm_get_error (ssm);
if (error)
{
fpi_device_enroll_complete (dev, NULL, error);
fpi_device_enroll_complete (dev, NULL, g_steal_pointer (&error));
self->task_ssm = NULL;
return;
}
@@ -1336,9 +1333,6 @@ fpc_verify_ssm_done (FpiSsm *ssm, FpDevice *dev, GError *error)
fp_info ("Verify_identify complete!");
if (fpi_ssm_get_error (ssm))
error = fpi_ssm_get_error (ssm);
if (error && error->domain == FP_DEVICE_RETRY)
{
if (fpi_device_get_current_action (dev) == FPI_DEVICE_ACTION_VERIFY)
@@ -1348,9 +1342,9 @@ fpc_verify_ssm_done (FpiSsm *ssm, FpDevice *dev, GError *error)
}
if (fpi_device_get_current_action (dev) == FPI_DEVICE_ACTION_VERIFY)
fpi_device_verify_complete (dev, error);
fpi_device_verify_complete (dev, g_steal_pointer (&error));
else
fpi_device_identify_complete (dev, error);
fpi_device_identify_complete (dev, g_steal_pointer (&error));
self->task_ssm = NULL;
}
@@ -1448,10 +1442,7 @@ fpc_clear_ssm_done (FpiSsm *ssm, FpDevice *dev, GError *error)
fp_info ("Clear Storage complete!");
if (fpi_ssm_get_error (ssm))
error = fpi_ssm_get_error (ssm);
fpi_device_clear_storage_complete (dev, error);
fpi_device_clear_storage_complete (dev, g_steal_pointer (&error));
self->task_ssm = NULL;
}
@@ -1555,10 +1546,7 @@ fpc_init_ssm_done (FpiSsm *ssm, FpDevice *dev, GError *error)
{
FpiDeviceFpcMoc *self = FPI_DEVICE_FPCMOC (dev);
if (fpi_ssm_get_error (ssm))
error = fpi_ssm_get_error (ssm);
fpi_device_open_complete (dev, error);
fpi_device_open_complete (dev, g_steal_pointer (&error));
self->task_ssm = NULL;
}
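Review bot: The ownership rule this fix relies on is not written down at any of the four callbacks (fpc_enroll_ssm_done, fpc_verify_ssm_done, fpc_clear_ssm_done, fpc_init_ssm_done), so the removed `error = fpi_ssm_get_error (ssm)` pattern could easily come back. A one-line comment above each completion call would pin it, e.g. `/* error is our own copy; the pointer from fpi_ssm_get_error () is freed with the SSM, never pass it on */`. In fpc_verify_ssm_done the body of the `FP_DEVICE_RETRY` branch falls between two hunks and is not visible here. It is worth confirming that it also gives `error` away through `g_steal_pointer (&error)`, since otherwise the completion calls below it would hand over the same GError a second time. All four function bodies start or end outside the hunks shown.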