[Xfce4-commits] <xfconf:master> Fix segfault triggered by object-bindings test.

Nick Schermer noreply at xfce.org
Sat Dec 26 13:44:02 CET 2009


Updating branch refs/heads/master
         to 6b3dc965b9d5b20d9dd97f2b79cd99d95324546f (commit)
       from 20aaa3a4079cb797d040dab4a3ea12a34ac0a960 (commit)

commit 6b3dc965b9d5b20d9dd97f2b79cd99d95324546f
Author: Nick Schermer <nick at xfce.org>
Date:   Sat Dec 26 13:36:09 2009 +0100

    Fix segfault triggered by object-bindings test.
    
    It turned out the object bindings code triggered a bug
    in the cache code because it edits multiple properties
    with the same name in a short time and then destroying
    the channel.
    This left a number (6) of pending call keys in one of the
    hash tables with the same value resulting in double frees
    when destroying the table.
    
    To fix this steal the item from the table when cancelling
    the dbus call, then the old_item we insert again is then
    not freed and exists only once in the table.

 xfconf/xfconf-cache.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/xfconf/xfconf-cache.c b/xfconf/xfconf-cache.c
index d7d8504..b6bffe7 100644
--- a/xfconf/xfconf-cache.c
+++ b/xfconf/xfconf-cache.c
@@ -757,9 +757,12 @@ xfconf_cache_set(XfconfCache *cache,
         /* if we have an old item, it means that a previous set
          * call hasn't returned yet.  let's cancel that call and
          * throw away the current not-yet-committed value of
-         * the property. */
+         * the property.
+         * we also steal the old_item from the pending_calls table
+         * so there are no pending item left. */
         if(old_item->call) {
             dbus_g_proxy_cancel_call(proxy, old_item->call);
+            g_hash_table_steal(cache->pending_calls, old_item->call);
             old_item->call = NULL;
         }
     } else {



More information about the Xfce4-commits mailing list