If we are freeing an EDBUS_Connection_Name, its name_owner_changed signal
handler may hold a pointer and try to unref it when deleting the signal
handler. We can't simply make the signal handler hold a reference to the
connection name, otherwise edbus_connection_name_gc will never be
triggered because of cyclic references.
Thus, just set the cn->name_owner_changed->bus to NULL before trying to
delete the signal handler.
Related log found by Lucas Jóia:
==20607== Invalid read of size 4
==20607== at 0x6FE29EE: edbus_connection_name_gc.isra.3 (edbus_core.c:375)
==20607== by 0x6FE4287: edbus_connection_unref (edbus_core.c:1028)
==20607== by 0x4C8D94: e_msgbus_shutdown (e_msgbus.c:167)
==20607== by 0x436194: _e_main_shutdown (e_main.c:1136)
==20607== by 0x434F25: main (e_main.c:1074)
==20607== Address 0x1461ba68 is 24 bytes inside a block of size 64 free'd
==20607== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==20607== by 0x6FF0E78: edbus_signal_handler_unref (edbus_signal_handler.c:269)
==20607== by 0x6FE2A48: edbus_connection_name_gc.isra.3 (edbus_core.c:384)
==20607== by 0x6FE4287: edbus_connection_unref (edbus_core.c:1028)
==20607== by 0x4C8D94: e_msgbus_shutdown (e_msgbus.c:167)
==20607== by 0x436194: _e_main_shutdown (e_main.c:1136)
==20607== by 0x434F25: main (e_main.c:1074)
SVN revision: 81463
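
The lifetime problem described in the commit message above, as an added example that is not part of the EDBus source: a simplified model of an owner object whose handler keeps a weak back-pointer to it. All type and function names are hypothetical, the re-entrant unref path is an assumption about how the handler cleanup reaches the name, and "freeing" only sets a flag so that stale operations can be counted without touching released memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model with hypothetical names; not the EDBus source.
 * "Freeing" only sets a flag so stale operations can be counted safely. */
typedef struct Name Name;
typedef struct { Name *bus; bool freed; } Handler;   /* bus: weak, uncounted */
struct Name { int refs; Handler *name_owner_changed; bool freed; };

static int stale;   /* operations attempted on an already released object */

static void name_unref(Name *n, bool detach);

/* Deleting a handler drops its hold on the name it was monitoring. */
static void handler_del(Handler *h) {
    if (h->bus) name_unref(h->bus, false);
    h->freed = true;
}

static void name_gc(Name *n, bool detach) {
    Handler *h = n->name_owner_changed;
    n->name_owner_changed = NULL;
    if (h) {
        if (detach) h->bus = NULL;   /* break the back-pointer first */
        handler_del(h);
    }
    if (n->freed) { stale++; return; }   /* nested call already released n */
    n->freed = true;
}

static void name_unref(Name *n, bool detach) {
    if (n->freed) { stale++; return; }
    if (--n->refs <= 0) name_gc(n, detach);
}

/* Returns the number of stale operations seen while dropping the last ref. */
int run(bool detach) {
    Name n = { 1, NULL, false };
    Handler h = { &n, false };
    n.name_owner_changed = &h;
    stale = 0;
    name_unref(&n, detach);
    return stale;
}

int main(void) {
    printf("without detach: %d stale, with detach: %d stale\n", run(false), run(true));
    return 0;
}
```

Making the back-pointer a counted reference would avoid the stale access too, but the name's refcount would then never reach zero while the handler exists, which is the cycle the commit message rules out.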
Bug triggered by Lucas Jóia:
==10042== Invalid read of size 8
==10042== at 0x6B86626: _eina_rbtree_iterator_next (eina_rbtree.c:165)
==10042== by 0x6B7228D: _eina_hash_iterator_next (eina_hash.c:622)
==10042== by 0x6FE41DC: edbus_connection_unref (edbus_core.c:1015)
==10042== by 0x4C8D94: e_msgbus_shutdown (e_msgbus.c:167)
==10042== by 0x436194: _e_main_shutdown (e_main.c:1136)
==10042== by 0x434F25: main (e_main.c:1074)
==10042== Address 0x15c1b958 is 40 bytes inside a block of size 96 free'd
==10042== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==10042== by 0x6B71CB7: _eina_hash_del_by_hash_el (eina_hash.c:441)
==10042== by 0x6FE2A1E: edbus_connection_name_gc.isra.2 (edbus_core.c:385)
==10042== by 0x6FE4217: edbus_connection_unref (edbus_core.c:1026)
==10042== by 0x4C8D94: e_msgbus_shutdown (e_msgbus.c:167)
==10042== by 0x436194: _e_main_shutdown (e_main.c:1136)
==10042== by 0x434F25: main (e_main.c:1074)
SVN revision: 81462
This allows monitoring when a client exits. Clients in general don't
register a name in the bus and in some cases it's not even allowed to do
so (for example an agent talking to bluetoothd, which runs in the system bus).
Patch by: José Roberto de Souza <zehortigoza@profusion.mobi>
SVN revision: 80687
Refactor edbus_signal_handler_add() so internal signal handlers don't
set the connection free callback. This fixes the bug in which
EDBus_Connection was freeing the signal handler of EDBus_Connection_Name:
==22814== Invalid read of size 4
==22814== at 0x40564B0: edbus_signal_handler_del (edbus_signal_handler.c:278)
==22814== by 0x4040E65: _edbus_connection_name_unref (edbus_core.c:507)
==22814== by 0x404106B: edbus_connection_name_owner_monitor (edbus_core.c:520)
==22814== by 0x4055F63: _edbus_signal_handler_clean (edbus_signal_handler.c:217)
==22814== by 0x40564F8: edbus_signal_handler_del (edbus_signal_handler.c:279)
==22814== by 0x4043088: _edbus_connection_unref (edbus_core.c:1045)
==22814== by 0x404352F: edbus_connection_unref (edbus_core.c:1105)
==22814== by 0x80498AA: main (banshee.c:233)
==22814== Address 0x44bea48 is 0 bytes inside a block of size 72 free'd
==22814== at 0x402C06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==22814== by 0x4056118: _edbus_signal_handler_del (edbus_signal_handler.c:249)
==22814== by 0x4056401: edbus_signal_handler_unref (edbus_signal_handler.c:272)
==22814== by 0x4056503: edbus_signal_handler_del (edbus_signal_handler.c:280)
==22814== by 0x4043088: _edbus_connection_unref (edbus_core.c:1045)
==22814== by 0x404352F: edbus_connection_unref (edbus_core.c:1105)
==22814== by 0x80498AA: main (banshee.c:233)
==22814==
CRI<22814>: src/lib/edbus_signal_handler.c:278 edbus_signal_handler_del() *** Eina Magic Check Failed !!!
Input handle has already been freed!
*** NAUGHTY PROGRAMMER!!!
*** SPANK SPANK SPANK!!!
*** Now go fix your code. Tut tut tut!
Patch by: José Roberto de Souza <zehortigoza@profusion.mobi>
SVN revision: 80686
Simplifications on "monitor" of NameOwnerChanged
Life cycle tied with refcount, objs, and name_owner_changed list.
Patch by: José Roberto de Souza <zehortigoza@profusion.mobi>
SVN revision: 80684
This way is much simpler and doesn't generate many events when main loop
is quit inside of a signal handler callback.
Patch by: José Roberto de Souza <zehortigoza@profusion.mobi>
SVN revision: 80683