From 0932f71460a93a7b81e771745bd30a0391a9bc65 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Tue, 14 Jun 2022 11:25:50 +0100 Subject: [PATCH] gobject: Change GObject notify semantics under static analysis MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity notices the `g_object_unref()` call in `g_object_notify()`, but not the paired `g_object_ref()` call. It therefore incorrectly assumes that every call to `g_object_notify()` frees the object. This causes a lot (hundreds) of false positive reports about double-frees or use-after-frees. I can’t find a way to fix this using a model file, so the other options are: * Manually mark every report as a false positive and keep updating them as the code changes over time. This would take a lot of maintainer effort. * Comment out the `g_object_ref()`/`g_object_unref()` calls when running static analysis (but not in a normal production build). This is ugly, but cheap and shouldn’t impact maintainability much. So this commit implements option 2. Signed-off-by: Philip Withnall --- gobject/gobject.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/gobject/gobject.c b/gobject/gobject.c index e71547c19..c24c24c16 100644 --- a/gobject/gobject.c +++ b/gobject/gobject.c @@ -1465,13 +1465,24 @@ g_object_notify_by_spec_internal (GObject *object, } else { + /* + * Coverity doesn’t understand the paired ref/unref here and seems to + * ignore the ref, thus reports every call to g_object_notify() as + * causing a double-free. That’s incorrect, but I can’t get a model + * file to work for avoiding the false positives, so instead comment + * out the ref/unref when doing static analysis. + */ +#ifndef __COVERITY__ g_object_ref (object); +#endif /* not frozen, so just dispatch the notification directly */ G_OBJECT_GET_CLASS (object) ->dispatch_properties_changed (object, 1, &pspec); +#ifndef __COVERITY__ g_object_unref (object); +#endif } } }
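Review bot: The two `#ifndef __COVERITY__` guards around `g_object_ref (object)` and `g_object_unref (object)` have to stay in step, but only the first one carries the explanatory comment. If a later edit moves or drops one guard, the analysis build sees an unbalanced ref or unref. Consider a short comment at the second `#ifndef` pointing back to the first, or wrap both calls in a pair of local macros so they cannot diverge. The new comment also says the calls are "commented out" and mentions only double-free, while the commit message lists both double-free and use-after-free reports; "compiled out when `__COVERITY__` is defined", with both report types named, would match what the code does. It would also help to note in the comment that under `__COVERITY__` the analysed path holds no reference of its own across `dispatch_properties_changed`, so the analyser is checking different lifetime behaviour from the production build at this call site.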