Bug 14125 - dbus_g_proxy_dispose modifies a hash table over which it is iterating
Status: RESOLVED FIXED
Alias: None
Product: dbus
Classification: Unclassified
Component: GLib
Version: unspecified
Hardware: All All
Importance: medium normal
Assignee: Rob Taylor
QA Contact: John (J5) Palmieri
Reported: 2008-01-18 07:26 UTC by Simon McVittie
Modified: 2008-05-27 12:29 UTC

Description Simon McVittie 2008-01-18 07:26:52 UTC
When running the telepathy-glib regression tests under valgrind:

==32347== Invalid read of size 4
==32347==    at 0x4267043: g_hash_table_foreach (ghash.c:679)
==32347==    by 0x42F4A10: dbus_g_proxy_dispose (dbus-gproxy.c:1443)
==32347==    by 0x4215C2F: g_object_run_dispose (gobject.c:573)
==32347==    by 0x804948F: main (test-call-cancellation.c:261)
==32347==  Address 0x44e8138 is 8 bytes inside a block of size 16 free'd
==32347==    at 0x402465C: free (vg_replace_malloc.c:323)
==32347==    by 0x427B9D0: g_free (gmem.c:187)
==32347==    by 0x4267356: g_hash_node_destroy (ghash.c:860)
==32347==    by 0x4267D09: g_hash_table_remove (ghash.c:448)
==32347==    by 0x42F1651: dbus_g_proxy_cancel_call (dbus-gproxy.c:2668)
==32347==    by 0x42F16C3: cancel_pending_call (dbus-gproxy.c:1428)
==32347==    by 0x4267042: g_hash_table_foreach (ghash.c:680)
==32347==    by 0x42F4A10: dbus_g_proxy_dispose (dbus-gproxy.c:1443)
==32347==    by 0x4215C2F: g_object_run_dispose (gobject.c:573)
==32347==    by 0x804948F: main (test-call-cancellation.c:261)

It turns out that dbus_g_proxy_dispose iterates the pending calls with g_hash_table_foreach, calling cancel_pending_call for each one; this causes a call to g_hash_table_remove.

However, you're not allowed to modify a GHashTable while g_hash_table_foreach is running.

dbus_g_proxy_dispose should instead call g_hash_table_foreach_remove, with some refactoring to the call-cancellation machinery to fit into this model.
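
The pattern described in this report, as an added example that is not part of the original bug report or of the dbus-glib source: a toy chained hash table in which the iterator, not the callback, unlinks and frees entries, which is the model g_hash_table_foreach_remove provides. Table, table_foreach_remove, cancel_pending and demo_dispose are hypothetical names, and the table is a constructed stand-in for GHashTable.

```c
#include <stdlib.h>

/* Toy chained table standing in for GHashTable (assumption, not GLib code). */
#define NBUCKETS 4
typedef struct Node { unsigned key; int *value; struct Node *next; } Node;
typedef struct { Node *buckets[NBUCKETS]; size_t size; } Table;
typedef int (*RemoveFunc)(unsigned key, int *value, void *user_data);

static void table_insert(Table *t, unsigned key, int *value) {
    Node *n = malloc(sizeof *n);
    if (!n) abort();
    n->key = key;
    n->value = value;
    n->next = t->buckets[key % NBUCKETS];
    t->buckets[key % NBUCKETS] = n;
    t->size++;
}
/* Unsafe shape from the report, shown only as a comment and never executed:
 *   for (n = bucket; n; n = n->next) func(n->key, n->value, data);
 * If func() removes and frees n, the loop then reads n->next from freed memory. */

/* Safe shape: the callback only returns nonzero; the iterator unlinks and frees. */
static size_t table_foreach_remove(Table *t, RemoveFunc func, void *user_data) {
    size_t removed = 0;
    for (size_t i = 0; i < NBUCKETS; i++) {
        Node **link = &t->buckets[i];
        while (*link) {
            Node *n = *link;
            if (func(n->key, n->value, user_data)) {
                *link = n->next;   /* step past n before it is freed */
                free(n);
                t->size--;
                removed++;
            } else {
                link = &n->next;
            }
        }
    }
    return removed;
}
/* Hypothetical stand-in for cancelling one pending call. */
static int cancel_pending(unsigned key, int *cancelled, void *user_data) {
    (void)key;
    *cancelled = 1;          /* mark this call as cancelled */
    ++*(int *)user_data;     /* count cancellations */
    return 1;                /* ask the iterator to remove the entry */
}
/* Constructed "dispose": returns entries removed, or (size_t)-1 if any remain. */
size_t demo_dispose(int *flags, int n, int *count) {
    Table t = { {0}, 0 };
    for (int i = 0; i < n; i++) table_insert(&t, (unsigned)i + 1, &flags[i]);
    size_t removed = table_foreach_remove(&t, cancel_pending, count);
    return t.size == 0 ? removed : (size_t)-1;
}
int main(void) { int f[6] = {0}, c = 0; return demo_dispose(f, 6, &c) == 6 ? 0 : 1; }
```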

Comment 1 Colin Walters 2008-05-27 12:29:24 UTC
This issue was fixed already by:

commit 2cf62d7ff7d3a7bc450d0b60bb81a8365ffd310b
Author: Ross Burton <ross@burtonini.com>
Date:   Wed Feb 27 14:19:48 2008 +0000

    Fix pending call cancelling in proxy dispose
    
    The dispose treated the hash values as DBusGProxyCall objects, but they are
    DBusPendingCall (thanks Dafyd Harries).


