From d841abdd86e56ddd324dd70dbe99a5c5e577b392 Mon Sep 17 00:00:00 2001 From: Enrico Joerns Date: Tue, 16 Jul 2024 00:08:06 +0200 Subject: [PATCH] src/bundle: fix freeing of GPtrArray in casync_make_arch() This fixes both a memory leakage and a prevented double-free. The 'iargs' pointer array is allocated using an auto pointer and a free function. This works quite well until manually calling g_ptr_array_free(). This correctly frees the pointer array structure and leaves the memory pointed at untouched. BUT, since 'iargs' itself is not NULL after this, the auto pointer cleanup will later attempt to free the GPtrArray a second time and causes an assertion error: | g_atomic_ref_count_dec: assertion 'old_value > 0' failed This can be fixed by simply accessing the pointer array data (->pdata) without manual freeing. Fixes #1461 Reported-by: Matteo Carnelos Signed-off-by: Enrico Joerns --- src/bundle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bundle.c b/src/bundle.c index 1aa268883..d38724a42 100644 --- a/src/bundle.c +++ b/src/bundle.c @@ -259,7 +259,7 @@ static gboolean casync_make_arch(const gchar *idxpath, const gchar *contentpath, g_ptr_array_add(args, g_strdup("fakeroot")); g_ptr_array_add(args, g_strdup("sh")); g_ptr_array_add(args, g_strdup("-c")); - g_ptr_array_add(args, g_strjoinv(" ", (gchar**) g_ptr_array_free(iargs, FALSE))); + g_ptr_array_add(args, g_strjoinv(" ", (gchar**) iargs->pdata)); g_ptr_array_add(args, NULL); res = r_subprocess_runv(args, G_SUBPROCESS_FLAGS_STDOUT_SILENCE, &ierror);