Bug 14579 - dbus_pending_call_cancel should not assume that user callback will not unref the proxy
Summary: dbus_pending_call_cancel should not assume that user callback will not unref ...
Alias: None
Product: dbus
Classification: Unclassified
Component: GLib (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Rob Taylor
QA Contact: John (J5) Palmieri
URL: https://bugs.freedesktop.org/show_bug...
Keywords: patch
Depends on:
Reported: 2008-02-20 03:38 UTC by Simon McVittie
Modified: 2010-05-04 04:21 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

proposed patch (branch 14579-remove-before-cancel in my git repo) (1.21 KB, patch)
2009-04-27 02:40 UTC, Simon McVittie
Details | Splinter Review

Description Simon McVittie 2008-02-20 03:38:42 UTC
#14576 describes a crash in Telepathy code caused by dbus_pending_call_cancel - briefly, if freeing the user_data of a pending call causes the DBusGProxy to be freed, then dbus_pending_call_cancel will segfault.

dbus_pending_call_cancel should either ref the DBusGProxy before calling out to user code and unref it afterwards, or be re-ordered so that it does not assume the DBusGProxy to be valid after user code runs. I fixed #14576 by temporarily reffing the DBusGProxy around the call to dbus_pending_call_cancel, so I can confirm that this works.
Comment 1 Simon McVittie 2008-02-20 03:39:21 UTC
Added URL https://bugs.freedesktop.org/show_bug.cgi?id=14576
Comment 3 Simon McVittie 2009-04-27 02:40:47 UTC
Created attachment 25182 [details] [review]
proposed patch (branch 14579-remove-before-cancel in my git repo)

Patch attached for your reviewing convenience.


This patch can be pulled from:

git://git.collabora.co.uk/git/user/smcv/dbus-glib-smcv.git 14579-remove-before-cancel
Comment 4 Simon McVittie 2009-09-29 06:27:23 UTC
If someone's doing a release with support for duplicate object registrations, I'd love to see this go in too. Any reviewers around?
Comment 5 Will Thompson 2009-09-29 07:12:56 UTC
This patch looks fine to me, FWIW.
Comment 6 Simon McVittie 2010-05-04 04:21:35 UTC
I'm going to consider that to be a positive review. Fixed in git for 0.88.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.