>From 3bb0e1e01230f50f66b3004ca385d73c49bff2c6 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Wed, 26 Aug 2009 11:05:14 +0200 Subject: [PATCH 02/12] fix for ConnectionData handling g_dbus_remove_watch() decremented the slot ref count and freed the ConnectionData associated with it if the ref count reached zero. This left a dangling pointer to the ConnectionData instance in the slot, which was found and used once the slot got recycled. The new approach is to clear the data pointer in the slot if its last user (watch or handler) is gone. --- src/watch.c | 13 +++++++------ 1 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/watch.c b/src/watch.c index 74d1b6c..8147684 100644 --- a/src/watch.c +++ b/src/watch.c @@ -302,16 +302,17 @@ gboolean g_dbus_remove_watch(DBusConnection *connection, guint tag) return FALSE; done: - dbus_connection_free_data_slot(&connection_slot); - - DBG("connection slot %d", connection_slot); - - if (connection_slot < 0) { + if (!data->watches && !data->handlers) { dbus_connection_remove_filter(connection, filter_function, data); - g_free(data); + dbus_connection_set_data(connection, connection_slot, NULL, NULL); + g_free(data); } + dbus_connection_free_data_slot(&connection_slot); + + DBG("connection slot %d", connection_slot); + return TRUE; } -- 1.6.5