>From f113260eb33bbefc82f51ce1c0a93cd14c683ae5 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Thu, 27 Aug 2009 14:07:36 +0200 Subject: [PATCH 05/12] g_dbus_unregister_object(): fix same invalid memory reuse as for watches g_dbus_unregister_object() has the same logical flaw as g_dbus_remove_watch(): it left a dangling pointer to its data in the connection slot. This pointer was found when the slot was reused in the following call sequence: g_dbus_register_interface() g_dbus_unregister_interface() g_dbus_register_interface() The result was a segfault. --- src/object.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/src/object.c b/src/object.c index b390ebb..0284995 100644 --- a/src/object.c +++ b/src/object.c @@ -759,6 +759,8 @@ static gboolean g_dbus_unregister_object(DBusConnection *connection, g_static_mutex_lock(&data->mutex); data->objects = g_slist_remove(data->objects, object); + if (!data->objects) + dbus_connection_set_data(connection, connection_slot, NULL, NULL); g_static_mutex_unlock(&data->mutex); @@ -766,7 +768,7 @@ static gboolean g_dbus_unregister_object(DBusConnection *connection, DBG("connection slot %d", connection_slot); - if (connection_slot < 0) { + if (!data->objects) { g_static_mutex_free(&data->mutex); g_free(data); } -- 1.6.5