From d4d5eae9af14e89d3619e48f9a5a033eca78f094 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Fri, 28 Nov 2008 16:04:57 +0000
Subject: [PATCH] Bug 14579: remove pending call from hash table before cancelling it
Previously, the code implicitly assumed that cancelling the pending call would not cause the DBusGProxy to be freed. This can fail if user_data for the pending call holds the last reference to the DBusGProxy - in this case, it is unsafe to be manipulating the contents of "priv" after the call is cancelled.
---
 dbus/dbus-gproxy.c | 3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/dbus/dbus-gproxy.c b/dbus/dbus-gproxy.c
index b379c20..cdf6398 100644
--- a/dbus/dbus-gproxy.c
+++ b/dbus/dbus-gproxy.c
@@ -2733,11 +2733,10 @@ dbus_g_proxy_cancel_call (DBusGProxy *proxy,
 call_id = DBUS_G_PROXY_CALL_TO_ID (call);
 pending = g_hash_table_lookup (priv->pending_calls, GUINT_TO_POINTER (call_id));
+ g_hash_table_remove (priv->pending_calls, GUINT_TO_POINTER (call_id));
 g_return_if_fail (pending != NULL);
 dbus_pending_call_cancel (pending);
-
- g_hash_table_remove (priv->pending_calls, GUINT_TO_POINTER (call_id));
 }
 /**
--
1.6.2.4
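Review bot: With the new order, `pending` is passed to `dbus_pending_call_cancel ()` after its entry has already been removed from `priv->pending_calls`. If that table was created with a value-destroy function that unrefs the pending call (the table's construction is outside this hunk, so this is an assumption to confirm), the removal may drop the last reference and the cancel would then operate on freed memory. Holding a reference across the two calls closes that window: keep the lookup and `g_return_if_fail (pending != NULL);` first, then `dbus_pending_call_ref (pending);` before the remove and `dbus_pending_call_unref (pending);` after the cancel. The ordering is also subtle enough to deserve a comment on the remove, such as `/* remove first: cancelling may free the proxy, so priv must not be touched afterwards */`. The start of `dbus_g_proxy_cancel_call`, including how `priv` is obtained, lies outside the hunk.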