mirror of git://git.sysmocom.de/ofono
gdbus: Fix crash when watch is toggled or disconnected
This partially reverts 510b32b7156625b9df737c916b7a7a5c6fb285b9 since it still necessary to take a reference before calling dbus_watch_handle since internally it can call watch_info_free as in the following trace: Invalid read of size 8 at 0x121085: watch_func (mainloop.c:105) by 0x4C72694: g_main_context_dispatch (gmain.c:2539) by 0x4C729C7: g_main_context_iterate.isra.23 (gmain.c:3146) by 0x4C72DC1: g_main_loop_run (gmain.c:3340) by 0x120541: main (main.c:551) Address 0x5bbcd90 is 16 bytes inside a block of size 24 free'd at 0x4A079AE: free (vg_replace_malloc.c:427) by 0x4C7837E: g_free (gmem.c:252) by 0x4F708BF: dbus_watch_set_data (dbus-watch.c:614) by 0x4F70938: _dbus_watch_unref (dbus-watch.c:132) by 0x4F6E9A7: _dbus_transport_handle_watch (dbus-transport.c:884) by 0x4F59AFB: _dbus_connection_handle_watch (dbus-connection.c:1497) by 0x4F70AF9: dbus_watch_handle (dbus-watch.c:683) by 0x121084: watch_func (mainloop.c:103) by 0x4C72694: g_main_context_dispatch (gmain.c:2539) by 0x4C729C7: g_main_context_iterate.isra.23 (gmain.c:3146) by 0x4C72DC1: g_main_loop_run (gmain.c:3340) by 0x120541: main (main.c:551)
This commit is contained in:
parent
08e673050a
commit
1e0c41889f
|
@ -88,16 +88,22 @@ static gboolean watch_func(GIOChannel *chan, GIOCondition cond, gpointer data)
|
||||||
struct watch_info *info = data;
|
struct watch_info *info = data;
|
||||||
unsigned int flags = 0;
|
unsigned int flags = 0;
|
||||||
DBusDispatchStatus status;
|
DBusDispatchStatus status;
|
||||||
|
DBusConnection *conn;
|
||||||
|
|
||||||
if (cond & G_IO_IN) flags |= DBUS_WATCH_READABLE;
|
if (cond & G_IO_IN) flags |= DBUS_WATCH_READABLE;
|
||||||
if (cond & G_IO_OUT) flags |= DBUS_WATCH_WRITABLE;
|
if (cond & G_IO_OUT) flags |= DBUS_WATCH_WRITABLE;
|
||||||
if (cond & G_IO_HUP) flags |= DBUS_WATCH_HANGUP;
|
if (cond & G_IO_HUP) flags |= DBUS_WATCH_HANGUP;
|
||||||
if (cond & G_IO_ERR) flags |= DBUS_WATCH_ERROR;
|
if (cond & G_IO_ERR) flags |= DBUS_WATCH_ERROR;
|
||||||
|
|
||||||
|
/* Protect connection from being destroyed by dbus_watch_handle */
|
||||||
|
conn = dbus_connection_ref(info->conn);
|
||||||
|
|
||||||
dbus_watch_handle(info->watch, flags);
|
dbus_watch_handle(info->watch, flags);
|
||||||
|
|
||||||
status = dbus_connection_get_dispatch_status(info->conn);
|
status = dbus_connection_get_dispatch_status(conn);
|
||||||
queue_dispatch(info->conn, status);
|
queue_dispatch(conn, status);
|
||||||
|
|
||||||
|
dbus_connection_unref(conn);
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue