| Summary: | Gabble leak fixes | ||
|---|---|---|---|
| Product: | Telepathy | Reporter: | Dafydd Harries <dafydd.harries> |
| Component: | gabble | Assignee: | Dafydd Harries <dafydd.harries> |
| Status: | RESOLVED FIXED | QA Contact: | Telepathy bugs list <telepathy-bugs> |
| Severity: | normal | ||
| Priority: | medium | Keywords: | patch |
| Version: | unspecified | ||
| Hardware: | Other | ||
| OS: | All | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
|
Description
Dafydd Harries
2009-12-10 22:00:29 UTC
From the 0.8 version:
--- a/src/bytestream-factory.c
+++ b/src/bytestream-factory.c
@@ -1854,7 +1854,7 @@ streaminit_reply_cb (GabbleConnection *conn,
if (!data->object_alive)
{
DEBUG ("Object which requested the bytestream was disposed. Ignoring");
- return LM_HANDLER_RESULT_REMOVE_MESSAGE;
+ goto END;
}
END calls data->callback, but gabble_bytestream_factory_negotiate_stream()'s documentation says:
* @object: if non-NULL the handler will follow the lifetime of that object,
* which means that if the object is destroyed the callback will not be invoked.
--- a/src/presence-cache.c
+++ b/src/presence-cache.c
@@ -292,6 +292,10 @@ capability_info_recvd (GabblePresenceCache *cache, const gchar *node,
info->trust = 0;
info->caps_set = TRUE;
}
+ else
+ {
+ gabble_presence_cache_free_cache_entry (per_channel_manager_caps);
+ }
I'm a little suspicious of this. capability_info_recvd() is called from both branches of an 'if' in _caps_disco_cb(), but then per_channel_manager_caps is used in both branches of the following block. So if for some reason the cache already contains these caps, we'll be using a freed hash table...
Only the first of those comments applies to the 0.9 branch. fixed wjts comment for 0.9, made some new leak fixes and merged it in the 0.9 branch. Cloned the bug for the 0.8 branch |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.