GMainContext - Fix GSource iterator if iteration can modify the list

We first have to ref the next source and then unref the previous one. This might be the last reference to the previous source, and freeing the previous source might unref and free the next one which would then leave use with a dangling pointer here. Fixes https://gitlab.gnome.org/GNOME/glib/issues/2031
2024-12-26 15:36:14 +01:00 · 2020-02-03 15:38:28 +02:00 · 2020-02-03 15:38:28 +02:00 · b06c48de75
commit b06c48de75
parent 5140c6c2fd
1 changed files with 6 additions and 2 deletions
--- a/glib/gmain.c
+++ b/glib/gmain.c
@ -1004,13 +1004,17 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
   * GSourceList to be removed from source_lists (if iter->source is
   * the only source in its list, and it is destroyed), so we have to
   * keep it reffed until after we advance iter->current_list, above.
+   *
+   * Also we first have to ref the next source before unreffing the
+   * previous one as unreffing the previous source can potentially
+   * free the next one.
   */
+  if (next_source && iter->may_modify)
+    g_source_ref (next_source);

  if (iter->source && iter->may_modify)
    g_source_unref_internal (iter->source, iter->context, TRUE);
  iter->source = next_source;
-  if (iter->source && iter->may_modify)
-    g_source_ref (iter->source);

  *source = iter->source;
  return *source != NULL;