From d5386a5493ac646f7ca634340d332a6911f0f021 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Wed, 27 Apr 2022 15:01:08 +0100
Subject: [PATCH 1/2] gio-tool: Fix a minor memory leak when using gio-set with
 bytestrings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Tested using:
```sh
touch ~/foo
gio set ~/foo -t bytestring user::test "\x00\x00"
```
(it doesn’t matter that this fails; the bytestring is still decoded)

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Coverity CID: #1474407
---
 gio/gio-tool-set.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/gio/gio-tool-set.c b/gio/gio-tool-set.c
index 4dbe1214f..c2a9431f6 100644
--- a/gio/gio-tool-set.c
+++ b/gio/gio-tool-set.c
@@ -76,12 +76,14 @@ handle_set (int argc, char *argv[], gboolean do_help)
   const char *attribute;
   GFileAttributeType type;
   gpointer value;
+  gpointer value_allocated = NULL;
   gboolean b;
   guint32 uint32;
   gint32 int32;
   guint64 uint64;
   gint64 int64;
   gchar *param;
+  int retval = 0;
 
   g_set_prgname ("gio set");
 
@@ -147,7 +149,7 @@ handle_set (int argc, char *argv[], gboolean do_help)
       value = argv[3];
       break;
     case G_FILE_ATTRIBUTE_TYPE_BYTE_STRING:
-      value = hex_unescape (argv[3]);
+      value = value_allocated = hex_unescape (argv[3]);
       break;
     case G_FILE_ATTRIBUTE_TYPE_BOOLEAN:
       b = g_ascii_strcasecmp (argv[3], "true") == 0;
@@ -194,11 +196,11 @@ handle_set (int argc, char *argv[], gboolean do_help)
     {
       print_error ("%s", error->message);
       g_error_free (error);
-      g_object_unref (file);
-      return 1;
+      retval = 1;
     }
 
+  g_clear_pointer (&value_allocated, g_free);
   g_object_unref (file);
 
-  return 0;
+  return retval;
 }

From a31474e41d2dad810aa905bd932bb66fb1227ca0 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@endlessos.org>
Date: Thu, 28 Apr 2022 10:56:10 +0100
Subject: [PATCH 2/2] gopenuriportal: Fix a use-after-free on an error path

`path` was used in building the error message after it had been freed.
Spotted by scan-build.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1767
---
 gio/gopenuriportal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gio/gopenuriportal.c b/gio/gopenuriportal.c
index 6ef8f037c..2f527d828 100644
--- a/gio/gopenuriportal.c
+++ b/gio/gopenuriportal.c
@@ -108,10 +108,10 @@ g_openuri_portal_open_uri (const char  *uri,
       errsv = errno;
       if (fd == -1)
         {
-	  g_free (path);
-	  g_variant_builder_clear (&opt_builder);
           g_set_error (error, G_IO_ERROR, g_io_error_from_errno (errsv),
                        "Failed to open '%s'", path);
+          g_free (path);
+          g_variant_builder_clear (&opt_builder);
           return FALSE;
         }