#14576 describes a crash in Telepathy code caused by dbus_pending_call_cancel - briefly, if freeing the user_data of a pending call causes the DBusGProxy to be freed, then dbus_pending_call_cancel will segfault.
dbus_pending_call_cancel should either ref the DBusGProxy before calling out to user code and unref it afterwards, or be re-ordered so that it does not assume the DBusGProxy to be valid after user code runs. I fixed #14576 by temporarily reffing the DBusGProxy around the call to dbus_pending_call_cancel, so I can confirm that this works.
Added URL https://bugs.freedesktop.org/show_bug.cgi?id=14576
Proposed patch, please review:
Created attachment 25182 [details] [review]
proposed patch (branch 14579-remove-before-cancel in my git repo)
Patch attached for your reviewing convenience.
This patch can be pulled from:
If someone's doing a release with support for duplicate object registrations, I'd love to see this go in too. Any reviewers around?
This patch looks fine to me, FWIW.
I'm going to consider that to be a positive review. Fixed in git for 0.88.