If the GetNameOwner call hasn't completed by the time that the service goes away (if it's crashed, or whatever), and then the service gets restarted, then the the original GetNameOwner call isn't canceled when the proxy is replaced by the proxy for the new service instance. Thus, the g_assert (priv->associated == TRUE); will fail and abort the dbus-glib user.
Maybe something like: if (!priv->for_owner) { if (priv->name_call) { dbus_g_proxy_cancel_call (manager->bus_proxy, priv->name_call); priv->name_call = NULL; } else g_assert (priv->associated); g_assert (priv->name_call == NULL); priv->associated = FALSE; manager->unassociated_proxies = g_slist_prepend (manager->unassociated_proxies, proxy); }
That was my initial analysis, but I'm not so sure about it now. I think now this may happen if there are multiple proxies outstanding, with their NameOwnerChanged callbacks in different states. Still investigating...
Created attachment 20386 [details] [review] cancel inflight name_call Ok, I re-convinced myself that was the bug. Here's a provisional patch, still looking at writing a test case.
Your patch appears to fix the issue. I can't get my reproducer to crash with the patch applied to current F10 dbus-glib 0.76 rpms.
commit 3ca014ea6b55cd843f1c80b04a4e0ec41af6210e Author: Colin Walters <walters@verbum.org> Date: Mon Nov 17 18:30:32 2008 -0500 Bug 18573 - Fix race when service appears and disappears quickly We can't assert that a for_name_owner proxy is associated when we disassociate; if a service appears and disappears quickly, we won't be associated yet. So remove the assertion. Correspondingly we need to cancel any inflight GetNameOwner call when disassociating proxies to avoid leaking.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.