>From 14bbd3dd72114deaa96de16028b3822ecea8c40e Mon Sep 17 00:00:00 2001
From: Patrick Ohly <patrick.ohly@intel.com>
Date: Wed, 26 Aug 2009 11:04:11 +0200
Subject: [PATCH 01/12] example.c: demonstrate segfault in watch handling

g_dbus_add_disconnect_watch/g_dbus_remove_watch/g_dbus_add_disconnect_watch segfaults:
==28457== Invalid read of size 4
==28457==    at 0x4E32238: g_dbus_add_service_watch (watch.c:239)
==28457==    by 0x4E3263C: g_dbus_add_disconnect_watch (watch.c:422)
==28457==    by 0x401007: main (example.c:108)
==28457==  Address 0x5ae5350 is 16 bytes inside a block of size 24 free'd
==28457==    at 0x4C265AF: free (vg_replace_malloc.c:323)
==28457==    by 0x4E32419: g_dbus_remove_watch (watch.c:312)
==28457==    by 0x400FE9: main (example.c:107)
---
 test/example.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/test/example.c b/test/example.c
index 8a98219..74c3e38 100644
--- a/test/example.c
+++ b/test/example.c
@@ -75,6 +75,7 @@ int main(int argc, char *argv[])
 	DBusConnection *conn;
 	DBusError err;
 	struct sigaction sa;
+	guint watch;
 
 	memset(&sa, 0, sizeof(sa));
 	sa.sa_handler = sig_term;
@@ -102,6 +103,10 @@ int main(int argc, char *argv[])
 	g_dbus_register_interface(conn, "/test", "org.example.Test",
 					methods, signals, NULL, NULL, NULL);
 
+	watch = g_dbus_add_disconnect_watch(conn, "com.no.such.service", NULL, NULL, NULL);
+	g_dbus_remove_watch(conn, watch);
+	watch = g_dbus_add_disconnect_watch(conn, "com.still.no.such.service", NULL, NULL, NULL);
+
 	g_main_loop_run(main_loop);
 
 	g_dbus_unregister_interface(conn, "/test", "org.example.Test");
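Review bot: The add/remove/add sequence inserted before `g_main_loop_run(main_loop)` has no comment saying it is a deliberate reproducer for the read of freed watch data shown in the commit message, so anyone using example.c as a template will copy it as normal usage. A comment such as `/* reproducer: add/remove/add of a disconnect watch must not read the freed watch data in watch.c */` would make that clear. The id returned by the second `g_dbus_add_disconnect_watch()` is never released, so a `g_dbus_remove_watch(conn, watch);` after the main loop returns would keep the example leak-free under the same valgrind run. The invalid read is presumably only visible under valgrind or a sanitizer, so the example does not fail on its own if the bug regresses. main's body starts and ends outside this hunk.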
-- 
1.6.5

