#14576 describes a crash in Telepathy code caused by dbus_pending_call_cancel - briefly, if freeing the user_data of a pending call causes the DBusGProxy to be freed, then dbus_pending_call_cancel will segfault. dbus_pending_call_cancel should either ref the DBusGProxy before calling out to user code and unref it afterwards, or be re-ordered so that it does not assume the DBusGProxy to be valid after user code runs. I fixed #14576 by temporarily reffing the DBusGProxy around the call to dbus_pending_call_cancel, so I can confirm that this works.
Added URL https://bugs.freedesktop.org/show_bug.cgi?id=14576
Proposed patch, please review: http://git.collabora.co.uk/?p=user/smcv/dbus-glib-smcv.git;a=commitdiff;h=d4d5eae9af14e89d3619e48f9a5a033eca78f094
Created attachment 25182 [details] [review] proposed patch (branch 14579-remove-before-cancel in my git repo) Patch attached for your reviewing convenience. http://git.collabora.co.uk/?p=user/smcv/dbus-glib-smcv.git;a=shortlog;h=refs/heads/14579-remove-before-cancel This patch can be pulled from: git://git.collabora.co.uk/git/user/smcv/dbus-glib-smcv.git 14579-remove-before-cancel
If someone's doing a release with support for duplicate object registrations, I'd love to see this go in too. Any reviewers around?
This patch looks fine to me, FWIW.
I'm going to consider that to be a positive review. Fixed in git for 0.88.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.