tox_new() should return null when savedata loading fails

Returning a valid tox instance when loading a corrupt savefile is probably not desired behaviour
2024-03-22 13:30:51 +08:00 · 2023-11-14 22:15:55 -05:00 · 2023-11-14 22:15:55 -05:00 · fc623a5281
commit fc623a5281
parent 06d949a701
3 changed files with 19 additions and 8 deletions
--- a/other/bootstrap_daemon/docker/tox-bootstrapd.sha256
+++ b/other/bootstrap_daemon/docker/tox-bootstrapd.sha256
@ -1 +1 @@
-9bec65f2a3093ebb49c3751dfad267482bc80d4b29ef9171f11d5ba53058d713  /usr/local/bin/tox-bootstrapd
+8942735f04e41962bbcfaeccbfa6487424ad78c910e932d93b5b6f56a6e852b7  /usr/local/bin/tox-bootstrapd
--- a/toxcore/tox.c
+++ b/toxcore/tox.c
@ -858,12 +858,23 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error)

    if (load_savedata_tox
            && tox_load(tox, tox_options_get_savedata_data(opts), tox_options_get_savedata_length(opts)) == -1) {
+        mono_time_free(tox->sys.mem, tox->mono_time);
+        tox_options_free(default_options);
+        tox_unlock(tox);
+
+        if (tox->mutex != nullptr) {
+            pthread_mutex_destroy(tox->mutex);
+        }
+
+        free(tox->mutex);
+        free(tox);
+
        SET_ERROR_PARAMETER(error, TOX_ERR_NEW_LOAD_BAD_FORMAT);
-    } else if (load_savedata_sk) {
+        return nullptr;
+    }
+
+    if (load_savedata_sk) {
        load_secret_key(tox->m->net_crypto, tox_options_get_savedata_data(opts));
-        SET_ERROR_PARAMETER(error, TOX_ERR_NEW_OK);
-    } else {
-        SET_ERROR_PARAMETER(error, TOX_ERR_NEW_OK);
    }

    m_callback_namechange(tox->m, tox_friend_name_handler);
@ -913,6 +924,9 @@ Tox *tox_new(const struct Tox_Options *options, Tox_Err_New *error)
    tox_options_free(default_options);

    tox_unlock(tox);
+
+    SET_ERROR_PARAMETER(error, TOX_ERR_NEW_OK);
+
    return tox;
 }

--- a/toxcore/tox.h
+++ b/toxcore/tox.h
@ -890,9 +890,6 @@ typedef enum Tox_Err_New {
 * This function will bring the instance into a valid state. Running the event
 * loop with a new instance will operate correctly.
 *
- * If loading failed or succeeded only partially, the new or partially loaded
- * instance is returned and an error code is set.
- *
 * @param options An options object as described above. If this parameter is
 *   NULL, the default options are used.
 *