luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2024-12-25 23:16:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

gdbus: Fix a potential use-after-free on connection close. Fixes #1686

Browse Source 
512e9b3b34 added a call to schedule_pending_close() in the read
callback after the reference to the worker is already gone. In case this was
the last reference to the worker this resulted in a use-after-free.

6f3d57d2ee made this more likely to happen because on connection close
the worker cancel action is now async while the reference to the worker
gets dropped right away.

Move the call to schedule_pending_close() before the unref.

Fixes #1686
This commit is contained in:
Christoph Reiter 2019-02-14 04:16:18 +01:00
parent fbb97b46d8
commit 067992f8de
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
gio/gdbusprivate.c
View File

@ -809,11 +809,11 @@ _g_dbus_worker_do_read_cb (GInputStream *input_stream,
out:
g_mutex_unlock (&worker->read_lock);
/* gives up the reference acquired when calling g_input_stream_read_async() */
_g_dbus_worker_unref (worker);
/* check if there is any pending close */
schedule_pending_close (worker);
/* gives up the reference acquired when calling g_input_stream_read_async() */
_g_dbus_worker_unref (worker);
}
/* called in private thread shared by all GDBusConnection instances (with read-lock held) */