Bug 20133

Summary: g_idle_add callbacks use freed data in media-channel.c
Product: Telepathy
Reporter: Alban Crequy <alban.crequy>
Component: gabble
Assignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED
QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   

Description Alban Crequy 2009-02-16 01:04:21 UTC
telepathy-gabble 0.7.20

On src/media-channel.c line 336:
      /* We want streams to appear on DBus after the channel is signalled */
      g_idle_add ((GSourceFunc) _create_streams, GABBLE_MEDIA_CHANNEL (obj));

_create_streams accesses priv->session, but it is NULL or freed.

I see some crashes:

Signal 11 (SIGSEGV)
0   gabble_jingle_session_get_contents (sess=0x0) at jingle-session.c:1662
1   _create_streams (chan=0xe0550) at media-channel.c:209
2   g_idle_dispatch (callback=0x66a64 <_create_streams>, user_data=0x0) at gmain.c:4233
3   IA__g_main_context_dispatch (context=0xa4b00) at gmain.c:2142
4   g_main_context_iterate (context=0xa4b00, block=1, dispatch=1) at gmain.c:2776
5   IA__g_main_loop_run (loop=0xa2fe0) at gmain.c:2984
6   tp_run_connection_manager (version=0x8860c "0.7.20", construct_cm=0x14808 <construct_cm>, argv=0xbeaa86c4) at run.c:264
7   gabble_main (argc=1, argv=0xbeaa86c4) at gabble.c:76
8   main (argc=0, argv=0x66a64) at main.c:27
9   __libc_start_main () from /lib/libc.so.6
10  _start () from unknown 


g_idle_add callbacks should be cancelled when the object is disposed.

A similar problem existed in JingleSession, already fixed by a78c2982ae8d8931f9b45892931b33bb180a2abc.

Other g_idle_add callbacks should be checked, to see if they have the same problem:
find . -name "*.[ch]" | xargs grep -nH "g_idle_add"

Comment 1 Will Thompson 2009-02-19 11:37:29 UTC
Fixed in 0.7.21.
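
The cancellation the report asks for ("g_idle_add callbacks should be cancelled when the object is disposed"), as an added example that is not part of the original report or telepathy-gabble's code. So that it builds without GLib, a small stand-in queue plays the role of g_idle_add, g_source_remove and the main loop; every name in it (idle_add, Channel, create_streams_id, ...) is hypothetical.

```c
/* Added example. idle_add/idle_remove/idle_dispatch are a minimal stand-in for
 * GLib's g_idle_add/g_source_remove and main loop; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
typedef struct { unsigned id; void (*fn)(void *); void *data; } IdleSource;
static IdleSource queue[8];
static unsigned n_sources, next_id = 1;
static unsigned idle_add(void (*fn)(void *), void *data) {
    if (n_sources == 8) return 0;              /* 0 means "no source" */
    queue[n_sources++] = (IdleSource){ next_id, fn, data };
    return next_id++;
}
static void idle_remove(unsigned id) {
    for (unsigned i = 0; i < n_sources; i++)
        if (queue[i].id == id) { queue[i] = queue[--n_sources]; return; }
}
static int idle_dispatch(void) {               /* returns how many callbacks ran */
    int ran = 0;
    while (n_sources > 0) { IdleSource s = queue[--n_sources]; s.fn(s.data); ran++; }
    return ran;
}

typedef struct { int *session; unsigned create_streams_id; int streams; } Channel;
static void create_streams(void *data) {       /* one-shot idle callback */
    Channel *chan = data;
    chan->create_streams_id = 0;               /* source has run, nothing to cancel */
    chan->streams = *chan->session;            /* safe: dispose cancels us first */
}
static Channel *channel_new(int n_contents) {
    Channel *chan = calloc(1, sizeof *chan);
    int *session = malloc(sizeof *session);
    if (chan == NULL || session == NULL) abort();
    *session = n_contents;
    chan->session = session;
    chan->create_streams_id = idle_add(create_streams, chan);  /* keep the id */
    return chan;
}
static void channel_dispose(Channel *chan) {
    if (chan->create_streams_id != 0)          /* callback still pending: cancel it */
        idle_remove(chan->create_streams_id);
    chan->create_streams_id = 0;
    free(chan->session);
    chan->session = NULL;
}
int main(void) {
    Channel *chan = channel_new(2);
    channel_dispose(chan);                     /* disposed before the loop iterates */
    printf("callbacks run after dispose: %d\n", idle_dispatch());
    free(chan);
    return 0;
}
```

With real GLib the same shape is: store the guint returned by g_idle_add in the private struct, clear it when the callback runs, and call g_source_remove on it in dispose if it is still nonzero.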
