[Xfce4-commits] <xfconf:master> Fix segfault triggered by object-bindings test.
Nick Schermer
noreply at xfce.org
Sat Dec 26 13:44:02 CET 2009
Updating branch refs/heads/master
to 6b3dc965b9d5b20d9dd97f2b79cd99d95324546f (commit)
from 20aaa3a4079cb797d040dab4a3ea12a34ac0a960 (commit)
commit 6b3dc965b9d5b20d9dd97f2b79cd99d95324546f
Author: Nick Schermer <nick at xfce.org>
Date: Sat Dec 26 13:36:09 2009 +0100
Fix segfault triggered by object-bindings test.
It turned out the object bindings code triggered a bug
in the cache code because it edits multiple properties
with the same name in a short time and then destroying
the channel.
This left a number (6) of pending call keys in one of the
hash tables with the same value resulting in double frees
when destroying the table.
To fix this steal the item from the table when cancelling
the dbus call, then the old_item we insert again is then
not freed and exists only once in the table.
xfconf/xfconf-cache.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/xfconf/xfconf-cache.c b/xfconf/xfconf-cache.c
index d7d8504..b6bffe7 100644
--- a/xfconf/xfconf-cache.c
+++ b/xfconf/xfconf-cache.c
@@ -757,9 +757,12 @@ xfconf_cache_set(XfconfCache *cache,
/* if we have an old item, it means that a previous set
* call hasn't returned yet. let's cancel that call and
* throw away the current not-yet-committed value of
- * the property. */
+ * the property.
+ * we also steal the old_item from the pending_calls table
+ * so there are no pending item left. */
if(old_item->call) {
dbus_g_proxy_cancel_call(proxy, old_item->call);
+ g_hash_table_steal(cache->pending_calls, old_item->call);
old_item->call = NULL;
}
} else {
More information about the Xfce4-commits
mailing list