From 5fe94801a659675f35b52f974942fb7ee9b8f3fc Mon Sep 17 00:00:00 2001 From: Weng Xuetian Date: Wed, 29 Jun 2016 13:22:12 -0700 Subject: [PATCH] sd-bus: Fix a read after free error in bus-match. (#3624) (#3625) The loop on bus_match_run should break and return immediately if bus->match_callbacks_modified is true. Otherwise the loop may access free'd data. --- src/libelogind/sd-bus/bus-match.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libelogind/sd-bus/bus-match.c b/src/libelogind/sd-bus/bus-match.c index dda0b5c50..3e6930a0d 100644 --- a/src/libelogind/sd-bus/bus-match.c +++ b/src/libelogind/sd-bus/bus-match.c @@ -429,6 +429,9 @@ int bus_match_run( r = bus_match_run(bus, c, m); if (r != 0) return r; + + if (bus && bus->match_callbacks_modified) + return 0; } } -- 2.30.2
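Review bot: the early return added after `if (r != 0) return r;` in bus_match_run() carries no comment, and a bare `return 0` at that point reads like "nothing matched" rather than "stop, the match tree changed under us". Suggest a one-line comment above the check, along the lines of `/* a callback may have modified the match tree; c and its siblings may be freed, so stop iterating */`, so that a later refactor does not move or drop it. Two things are worth confirming outside the visible context: that callers treat a 0 return with `bus->match_callbacks_modified` set as a signal to stop or restart rather than as "no match", and that any other loop in this function that recurses into child nodes and then keeps iterating has the same guard, since this hunk covers only one loop. The `bus &&` test implies `bus` can be NULL on this path; the commit message could say whether callbacks can still run in that case, because the flag cannot be consulted then.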