_g_dbus_worker_new: hold a ref until we have done the initial read

Otherwise, we could use-after-free the GDBusWorker, if its last-unref is immediately after _g_dbus_worker_new returns (before the worker thread does its initial read). Bug: https://bugzilla.gnome.org/show_bug.cgi?id=651268 Bug-NB: NB#271520 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Signed-off-by: David Zeuthen <davidz@redhat.com>
2024-11-10 03:16:17 +01:00 · 2011-09-12 18:42:36 +01:00 · 2011-09-12 18:42:36 +01:00 · e34e8a25a0
commit e34e8a25a0
parent 698eeb3ef6
1 changed files with 2 additions and 2 deletions
--- a/gio/gdbusprivate.c
+++ b/gio/gdbusprivate.c
@ -1590,8 +1590,8 @@ _g_dbus_worker_new (GIOStream                              *stream,
  g_source_set_priority (idle_source, G_PRIORITY_DEFAULT);
  g_source_set_callback (idle_source,
                         _g_dbus_worker_do_initial_read,
-                         worker,
-                         NULL);
+                         _g_dbus_worker_ref (worker),
+                         (GDestroyNotify) _g_dbus_worker_unref);
  g_source_attach (idle_source, worker->shared_thread_data->context);
  g_source_unref (idle_source);