From d906f84a441ad70e42fd6d5eac8837a8a8639aaa Mon Sep 17 00:00:00 2001
From: Matthias Clasen
Date: Tue, 16 Oct 2012 21:07:13 -0400
Subject: [PATCH] GBytes: deal with a corner-case

When calling g_bytes_unref_to_data on a GBytes with NULL data we could end up with double-free or use-after-free issues.

https://bugzilla.gnome.org/show_bug.cgi?id=686091
---
 glib/gbytes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glib/gbytes.c b/glib/gbytes.c
index daf564245..93f74ddf2 100644
--- a/glib/gbytes.c
+++ b/glib/gbytes.c
@@ -390,7 +390,7 @@ try_steal_and_unref (GBytes *bytes,
 {
   gpointer result;
-  if (bytes->free_func != free_func)
+  if (bytes->free_func != free_func || bytes->data == NULL)
     return NULL;
   /* Are we the only reference? */
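Review bot: The added `bytes->data == NULL` condition reads like an ordinary null guard, but the reason it is needed is not visible in the code: try_steal_and_unref signals "could not steal" by returning NULL, so a successfully stolen NULL data pointer is indistinguishable from failure to the caller, which presumably then unrefs or copies again — the double-free/use-after-free the commit message describes. A short comment on the guard would keep a future cleanup from "simplifying" it away, e.g. `/* A stolen NULL data pointer would look like a failed steal to the caller; refuse so it takes the copy path instead. */`. The function's signature and the rest of its body (the reference-count check and the actual steal) lie outside the hunk, so the interaction with the caller is inferred from the commit message rather than from visible lines.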