Wrongly use libdbus APIs which can cause DoS
Hi, developers:
According to Documentation of D-Bus ,for dbus_message_iter_get_signature()
API, the returned string must be freed with dbus_free().
However, the function_atspi_dbus_set_interfaces
at atspi/atspi-misc.c
,in line 1407,call dbus_message_iter_get_signature ()
while missing dbus_free()
after use. This bug results in memory leak.
In some cases, this function may be called many times, the memory consumption would be huge, which may cause the process to corrupt.
1398 void
1399 _atspi_dbus_set_interfaces (AtspiAccessible *accessible, DBusMessageIter *iter)
1400 {
...
1405 if (strcmp (iter_sig, "as") != 0)
1406 {
1407 g_warning ("_atspi_dbus_set_interfaces: Passed iterator with invalid signature %s", dbus_message_iter_get_signature (iter));
1408 dbus_free (iter_sig);
1409 return;
1410 }