From a581de2ee72369b1e1e7f90841d51d068d48da3b Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 2 May 2023 12:19:35 +0100 Subject: [PATCH] gsocketclient: Make connection_attempt_remove() safe to call twice MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As spotted by Michael Catanzaro in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3394#note_1730123, on the code path where a `ConnectionAttempt` is cancelled, it will currently be removed from the `connection_attempts` list by the cancellation code, and then *again* by the `if (task_completed_or_cancelled ())` code in `g_socket_client_connected_callback()`. That would previously have resulted in a double-unref of the `ConnectionAttempt`. So change `connection_attempt_remove()` to be a no-op if the attempt isn’t found in `connection_attempts`. Signed-off-by: Philip Withnall --- gio/gsocketclient.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/gio/gsocketclient.c b/gio/gsocketclient.c index 6ae968b48..eb552e17b 100644 --- a/gio/gsocketclient.c +++ b/gio/gsocketclient.c @@ -1587,8 +1587,12 @@ connection_attempt_unref (gpointer pointer) static void connection_attempt_remove (ConnectionAttempt *attempt) { - attempt->data->connection_attempts = g_slist_remove (attempt->data->connection_attempts, attempt); - connection_attempt_unref (attempt); + GSList *attempt_link = g_slist_find (attempt->data->connection_attempts, attempt); + if (attempt_link != NULL) + { + attempt->data->connection_attempts = g_slist_delete_link (attempt->data->connection_attempts, attempt_link); + connection_attempt_unref (attempt); + } } static void