>From ed8b98aa0c72431c3500193d1ba82ff3156974a9 Mon Sep 17 00:00:00 2001 From: Patrick Ohly Date: Wed, 2 Sep 2009 17:18:03 +0200 Subject: [PATCH 07/12] gdbus: fixed segfault in watch disconnect function If the apps callback function removes the watch that triggered it, then disconnect_function() used a dangling data pointer to retrieve the id (first problem) and g_dbus_remove_watch() used a -1 connection_slot (second problem, only occurs when the current watch was the last one). Fixed by storing the ID in a temporary variable and adding a connection_slot check to g_dbus_remove_watch(), similar to the one which was already in g_dbus_remove_all_watches(). --- src/watch.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) diff --git a/src/watch.c b/src/watch.c index d10b567..3e9081c 100644 --- a/src/watch.c +++ b/src/watch.c @@ -269,6 +269,9 @@ gboolean g_dbus_remove_watch(DBusConnection *connection, guint tag) DBG("connection %p tag %d", connection, tag); + if (connection_slot < 0) + return FALSE; + data = dbus_connection_get_data(connection, connection_slot); if (data == NULL) return FALSE; @@ -387,9 +390,14 @@ static void disconnect_function(DBusConnection *connection, void *user_data) { DisconnectData *data = user_data; + // The callback function might remove the watch, + // which invalidates the data pointer. Remember + // the ID. + guint id = data->id; + data->function(connection, data->user_data); - g_dbus_remove_watch(connection, data->id); + g_dbus_remove_watch(connection, id); } static void disconnect_release(void *user_data) -- 1.6.5