From e264df66b194cfe5ebea2c308d7d8a9958ab353c Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Mon, 5 Nov 2012 09:35:13 +0100
Subject: [PATCH] region: Fix possible crasher on startup

When the X11Variant localed property was empty, variants[i] was
being checked even though only variants[0] was defined (an empty
string).

==17035== Invalid read of size 8
==17035==    at 0x26B9529A: on_localed_properties_changed (gnome-region-panel-system.c:339)
==17035==    by 0x26B95546: localed_proxy_ready (gnome-region-panel-system.c:381)
==17035==    by 0x8CA2589: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==17035==    by 0x8CA25BB: complete_in_idle_cb (gsimpleasyncresult.c:787)
==17035==    by 0x94B8ED4: g_idle_dispatch (gmain.c:4806)
==17035==    by 0x94B6890: g_main_dispatch (gmain.c:2715)
==17035==    by 0x94B7440: g_main_context_dispatch (gmain.c:3219)
==17035==    by 0x94B7623: g_main_context_iterate (gmain.c:3290)
==17035==    by 0x94B76E7: g_main_context_iteration (gmain.c:3351)
==17035==    by 0x8CDB1A1: g_application_run (gapplication.c:1620)
==17035==    by 0x4083C6: main (control-center.c:256)
==17035==  Address 0x13b92e18 is 0 bytes after a block of size 8 alloc'd
==17035==    at 0x4A0883C: malloc (vg_replace_malloc.c:270)
==17035==    by 0x94BE97B: standard_malloc (gmem.c:85)
==17035==    by 0x94BEA04: g_malloc (gmem.c:159)
==17035==    by 0x94BED2F: g_malloc_n (gmem.c:400)
==17035==    by 0x94DB26A: g_strsplit (gstrfuncs.c:2281)
==17035==    by 0x26B95169: on_localed_properties_changed (gnome-region-panel-system.c:319)
==17035==    by 0x26B95546: localed_proxy_ready (gnome-region-panel-system.c:381)
==17035==    by 0x8CA2589: g_simple_async_result_complete (gsimpleasyncresult.c:775)
==17035==    by 0x8CA25BB: complete_in_idle_cb (gsimpleasyncresult.c:787)
==17035==    by 0x94B8ED4: g_idle_dispatch (gmain.c:4806)
==17035==    by 0x94B6890: g_main_dispatch (gmain.c:2715)
==17035==    by 0x94B7440: g_main_context_dispatch (gmain.c:3219)
---
 panels/region/gnome-region-panel-system.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/panels/region/gnome-region-panel-system.c b/panels/region/gnome-region-panel-system.c
index 20c623cbd..c8890d782 100644
--- a/panels/region/gnome-region-panel-system.c
+++ b/panels/region/gnome-region-panel-system.c
@@ -313,15 +313,21 @@ on_localed_properties_changed (GDBusProxy   *proxy,
                 return;
         }
 
+        variants = NULL;
+        g_object_set_data_full (G_OBJECT (label), "input_variants", NULL, g_free);
+
         w = g_dbus_proxy_get_cached_property (proxy, "X11Variant");
         if (w) {
-                variants = g_strsplit (g_variant_get_string (w, NULL), ",", -1);
-                g_object_set_data_full (G_OBJECT (label), "input_variants",
-                                        g_variant_dup_string (w, NULL), g_free);
+                const char *variants_str;
+
+                variants_str = g_variant_get_string (w, NULL);
+                g_debug ("Got variants '%s'", variants_str);
+                if (variants_str && *variants_str != '\0') {
+                        variants = g_strsplit (variants_str, ",", -1);
+                        g_object_set_data_full (G_OBJECT (label), "input_variants",
+                                                g_strdup (variants_str), g_free);
+                }
                 g_variant_unref (w);
-        } else {
-                variants = NULL;
-                g_object_set_data_full (G_OBJECT (label), "input_variants", NULL, g_free);
         }
 
         if (variants && variants[0])