From 36e5dd2ebc8a118a4809d6c4d840e0433ceb8120 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Roberto=20de=20Souza?=
 <zehortigoza@profusion.mobi>
Date: Mon, 17 Dec 2012 19:48:54 +0000
Subject: [PATCH] edbus: Fix invalid access memory in
 edbus_service_interface_unregister()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

_object_unregister is called synchronized by libdbus, so when _interface_free() ran
your object its already freed.

==30579== Invalid read of size 4
==30579==    at 0x4775190: _find_object_manager_parent (edbus_service.c:803)
==30579==    by 0x4775292: _interface_free (edbus_service.c:1011)
==30579==    by 0x4777F1D: edbus_service_interface_unregister (edbus_service.c:1101)
==30579==    by 0x40CBD28: elm_dbus_menu_delete (elm_dbus_menu.c:128)
==30579==    by 0x414552F: _elm_menu_smart_del (elm_menu.c:562)
==30579==    by 0x4810F39: _eo_op_internal (eo.c:363)
==30579==    by 0x4812E1B: eo_do_internal (eo.c:403)
==30579==    by 0x4279D02: evas_object_smart_del (evas_object_smart.c:1080)

Patch by: José Roberto de Souza  <zehortigoza@profusion.mobi>



SVN revision: 81180
---
 legacy/edbus/src/lib/edbus_service.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/legacy/edbus/src/lib/edbus_service.c b/legacy/edbus/src/lib/edbus_service.c
index 0eeee8c45e..a68ea8a3a3 100644
--- a/legacy/edbus/src/lib/edbus_service.c
+++ b/legacy/edbus/src/lib/edbus_service.c
@@ -1095,9 +1095,14 @@ EAPI void
 edbus_service_interface_unregister(EDBus_Service_Interface *iface)
 {
    EDBUS_SERVICE_INTERFACE_CHECK(iface);
+   if (!eina_hash_find(iface->obj->interfaces, objmanager->name))
+     {
+        //properties + introspectable + iface that user wants unregister
+        if (eina_hash_population(iface->obj->interfaces) < 4)
+          edbus_service_object_unregister(iface);
+        return;
+     }
    eina_hash_del(iface->obj->interfaces, NULL, iface);
-   if (eina_hash_population(iface->obj->interfaces) < 3)
-     edbus_service_object_unregister(iface);
    _interface_free(iface);
 }