summaryrefslogtreecommitdiff
path: root/legacy/edbus/src/lib/edbus_core.c
diff options
context:
space:
mode:
authorLucas De Marchi <lucas.demarchi@profusion.mobi>2012-12-20 14:52:21 +0000
committerLucas De Marchi <lucas.demarchi@profusion.mobi>2012-12-20 14:52:21 +0000
commit83619110f22f83c50384d78ca7d1381481a3eb25 (patch)
tree84a48cebca55683aea36c3d8690a37459a37ecf5 /legacy/edbus/src/lib/edbus_core.c
parent1cae2f1968d2b3ec7ddd544d665da71b3cbdef40 (diff)
edbus: Do not modify cn->names hash while walking it
Bug triggered by Lucas Jóia: ==10042== Invalid read of size 8 ==10042==    at 0x6B86626: _eina_rbtree_iterator_next (eina_rbtree.c:165) ==10042==    by 0x6B7228D: _eina_hash_iterator_next (eina_hash.c:622) ==10042==    by 0x6FE41DC: edbus_connection_unref (edbus_core.c:1015) ==10042==    by 0x4C8D94: e_msgbus_shutdown (e_msgbus.c:167) ==10042==    by 0x436194: _e_main_shutdown (e_main.c:1136) ==10042==    by 0x434F25: main (e_main.c:1074) ==10042==  Address 0x15c1b958 is 40 bytes inside a block of size 96 free'd ==10042==    at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==10042==    by 0x6B71CB7: _eina_hash_del_by_hash_el (eina_hash.c:441) ==10042==    by 0x6FE2A1E: edbus_connection_name_gc.isra.2 (edbus_core.c:385) ==10042==    by 0x6FE4217: edbus_connection_unref (edbus_core.c:1026) ==10042==    by 0x4C8D94: e_msgbus_shutdown (e_msgbus.c:167) ==10042==    by 0x436194: _e_main_shutdown (e_main.c:1136) ==10042==    by 0x434F25: main (e_main.c:1074) SVN revision: 81462
Diffstat (limited to '')
-rw-r--r--legacy/edbus/src/lib/edbus_core.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/legacy/edbus/src/lib/edbus_core.c b/legacy/edbus/src/lib/edbus_core.c
index d9991037f3..0fdaf733a8 100644
--- a/legacy/edbus/src/lib/edbus_core.c
+++ b/legacy/edbus/src/lib/edbus_core.c
@@ -989,6 +989,7 @@ _edbus_connection_unref(EDBus_Connection *conn)
989 EDBus_Pending *p; 989 EDBus_Pending *p;
990 Eina_Iterator *iter; 990 Eina_Iterator *iter;
991 EDBus_Connection_Name *cn; 991 EDBus_Connection_Name *cn;
992 Eina_Array *cns;
992 993
993 DBG("Connection %p: unref (currently at %d refs)", 994 DBG("Connection %p: unref (currently at %d refs)",
994 conn, conn->refcount); 995 conn, conn->refcount);
@@ -1006,6 +1007,7 @@ _edbus_connection_unref(EDBus_Connection *conn)
1006 EINA_INLIST_FOREACH_SAFE(conn->pendings, list, p) 1007 EINA_INLIST_FOREACH_SAFE(conn->pendings, list, p)
1007 edbus_pending_cancel(p); 1008 edbus_pending_cancel(p);
1008 1009
1010 cns = eina_array_new(eina_hash_population(conn->names));
1009 iter = eina_hash_iterator_data_new(conn->names); 1011 iter = eina_hash_iterator_data_new(conn->names);
1010 EINA_ITERATOR_FOREACH(iter, cn) 1012 EINA_ITERATOR_FOREACH(iter, cn)
1011 { 1013 {
@@ -1017,11 +1019,16 @@ _edbus_connection_unref(EDBus_Connection *conn)
1017 cn->event_handlers.list = eina_inlist_remove(cn->event_handlers.list, 1019 cn->event_handlers.list = eina_inlist_remove(cn->event_handlers.list,
1018 cn->event_handlers.list); 1020 cn->event_handlers.list);
1019 free(ctx); 1021 free(ctx);
1020 } 1022 }
1021 edbus_connection_name_gc(conn, cn); 1023 eina_array_push(cns, cn);
1022 } 1024 }
1023 eina_iterator_free(iter); 1025 eina_iterator_free(iter);
1026
1027 while ((cn = eina_array_pop(cns)))
1028 edbus_connection_name_gc(conn, cn);
1029
1024 eina_hash_free(conn->names); 1030 eina_hash_free(conn->names);
1031 eina_array_free(cns);
1025 1032
1026 conn->refcount = 0; 1033 conn->refcount = 0;
1027 1034