evolution-data-server/e-d-s-address-crash-on-cancel.patch

250 lines
8.2 KiB
Diff
Raw Normal View History

From 7c52fbd81093c1264e3d8aa6cdcf5c8bdc7b1772 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Fri, 25 Jan 2013 16:27:55 +0000
Subject: EGdbusTemplates: Address crash on operation cancel
In situations when a synchronous operation was cancelled, but the response
was already piled in main context the client could receive two replies, one
from the reply, the other from the cancelled operation, effectively accessing
invalid memory in the second response. This may address also other similar
situations caused by cancelled operations.
---
(limited to 'libedataserver/e-gdbus-templates.c')
diff --git a/libedataserver/e-gdbus-templates.c b/libedataserver/e-gdbus-templates.c
index 60306be..ef3e476 100644
--- a/libedataserver/e-gdbus-templates.c
+++ b/libedataserver/e-gdbus-templates.c
@@ -844,6 +844,7 @@ e_gdbus_complete_sync_method_uint (gpointer object,
typedef struct _AsyncOpData
{
+ gint ref_count;
EGdbusAsyncOpKeeper *proxy;
guint opid;
@@ -871,27 +872,37 @@ async_op_data_free (AsyncOpData *op_data)
g_return_if_fail (op_data != NULL);
+ pending_ops = e_gdbus_async_op_keeper_get_pending_ops (op_data->proxy);
+
if (op_data->cancel_idle_id) {
GError *error = NULL;
g_source_remove (op_data->cancel_idle_id);
op_data->cancel_idle_id = 0;
+ if (pending_ops)
+ g_hash_table_remove (pending_ops, GUINT_TO_POINTER (op_data->opid));
+
if (!e_gdbus_async_op_keeper_cancel_op_sync (op_data->proxy, op_data->opid, NULL, &error)) {
g_debug ("%s: Failed to cancel operation: %s\n", G_STRFUNC, error ? error->message : "Unknown error");
g_clear_error (&error);
}
+ } else if (pending_ops) {
+ g_hash_table_remove (pending_ops, GUINT_TO_POINTER (op_data->opid));
}
if (op_data->cancellable) {
- if (op_data->cancel_id)
+ if (op_data->cancel_id) {
g_cancellable_disconnect (op_data->cancellable, op_data->cancel_id);
+ op_data->cancel_id = 0;
+ }
g_object_unref (op_data->cancellable);
+ op_data->cancellable = NULL;
}
- pending_ops = e_gdbus_async_op_keeper_get_pending_ops (E_GDBUS_ASYNC_OP_KEEPER (op_data->proxy));
- if (pending_ops)
- g_hash_table_remove (pending_ops, GUINT_TO_POINTER (op_data->opid));
+ if (!g_atomic_int_dec_and_test (&op_data->ref_count))
+ return;
+
g_object_unref (op_data->proxy);
switch (op_data->result_type) {
@@ -919,6 +930,7 @@ async_op_complete (AsyncOpData *op_data,
g_return_if_fail (op_data != NULL);
+ g_atomic_int_inc (&op_data->ref_count);
simple = g_simple_async_result_new (G_OBJECT (op_data->proxy), op_data->async_callback, op_data->async_user_data, op_data->async_source_tag);
g_simple_async_result_set_op_res_gpointer (simple, op_data, (GDestroyNotify) async_op_data_free);
if (error)
@@ -932,13 +944,43 @@ async_op_complete (AsyncOpData *op_data,
g_object_unref (simple);
}
+typedef struct _CancelData
+{
+ EGdbusAsyncOpKeeper *proxy;
+ guint opid;
+ AsyncOpData *op_data;
+} CancelData;
+
+static void
+cancel_data_free (gpointer ptr)
+{
+ CancelData *cd = ptr;
+
+ if (!cd)
+ return;
+
+ g_object_unref (cd->proxy);
+ g_free (cd);
+}
+
static gboolean
e_gdbus_op_cancelled_idle_cb (gpointer user_data)
{
- AsyncOpData *op_data = user_data;
+ CancelData *cd = user_data;
+ AsyncOpData *op_data;
+ GHashTable *pending_ops;
GCancellable *cancellable;
GError *error = NULL;
+ g_return_val_if_fail (cd != NULL, FALSE);
+
+ pending_ops = e_gdbus_async_op_keeper_get_pending_ops (cd->proxy);
+ if (pending_ops && !g_hash_table_lookup (pending_ops, GUINT_TO_POINTER (cd->opid))) {
+ /* got served already */
+ return FALSE;
+ }
+
+ op_data = cd->op_data;
g_return_val_if_fail (op_data != NULL, FALSE);
cancellable = op_data->cancellable;
@@ -961,12 +1003,19 @@ static void
e_gdbus_op_cancelled_cb (GCancellable *cancellable,
AsyncOpData *op_data)
{
+ CancelData *cd;
+
g_return_if_fail (op_data != NULL);
g_return_if_fail (op_data->cancellable == cancellable);
+ cd = g_new0 (CancelData, 1);
+ cd->proxy = g_object_ref (op_data->proxy);
+ cd->opid = op_data->opid;
+ cd->op_data = op_data;
+
/* do this on idle, because this callback should be left
* as soon as possible, with no sync calls being done */
- op_data->cancel_idle_id = g_idle_add (e_gdbus_op_cancelled_idle_cb, op_data);
+ op_data->cancel_idle_id = g_idle_add_full (G_PRIORITY_DEFAULT_IDLE, e_gdbus_op_cancelled_idle_cb, cd, cancel_data_free);
}
static void
@@ -1370,9 +1419,21 @@ e_gdbus_proxy_sync_ready_cb (GObject *proxy,
GAsyncResult *result,
gpointer user_data)
{
- SyncOpData *sync_data = user_data;
+ gint sync_opid = GPOINTER_TO_INT (user_data);
+ gchar *sync_opid_ident;
+ SyncOpData *sync_data;
+
+ sync_opid_ident = g_strdup_printf ("EGdbusTemplates-SyncOp-%d", sync_opid);
+ sync_data = g_object_get_data (proxy, sync_opid_ident);
+ g_free (sync_opid_ident);
+
+ if (!sync_data) {
+ /* already finished operation; it can happen when the operation is cancelled,
+ but the result is already waiting in an idle queue.
+ */
+ return;
+ }
- g_return_if_fail (sync_data != NULL);
g_return_if_fail (sync_data->flag != NULL);
switch (sync_data->out_type) {
@@ -1415,12 +1476,17 @@ e_gdbus_proxy_call_sync (GDBusProxy *proxy,
guint out_type,
gpointer out_value)
{
+ static volatile gint sync_op_counter = 0;
+ gint sync_opid;
+ gchar *sync_opid_ident;
SyncOpData sync_data = { 0 };
g_return_val_if_fail (proxy != NULL, FALSE);
g_return_val_if_fail (start_func != NULL, FALSE);
g_return_val_if_fail (finish_func != NULL, FALSE);
+ g_object_ref (proxy);
+
switch (out_type) {
case E_GDBUS_TYPE_VOID:
sync_data.finish_func.finish_void = finish_func;
@@ -1443,6 +1509,7 @@ e_gdbus_proxy_call_sync (GDBusProxy *proxy,
break;
default:
g_warning ("%s: Unknown 'out' E_GDBUS_TYPE %x", G_STRFUNC, out_type);
+ g_object_unref (proxy);
return FALSE;
}
@@ -1450,30 +1517,37 @@ e_gdbus_proxy_call_sync (GDBusProxy *proxy,
sync_data.error = error;
sync_data.out_type = out_type;
+ sync_opid = g_atomic_int_add (&sync_op_counter, 1);
+ sync_opid_ident = g_strdup_printf ("EGdbusTemplates-SyncOp-%d", sync_opid);
+ g_object_set_data (G_OBJECT (proxy), sync_opid_ident, &sync_data);
+
switch (in_type) {
case E_GDBUS_TYPE_VOID: {
EGdbusCallStartVoid start = start_func;
- start (proxy, cancellable, e_gdbus_proxy_sync_ready_cb, &sync_data);
+ start (proxy, cancellable, e_gdbus_proxy_sync_ready_cb, GINT_TO_POINTER (sync_opid));
} break;
case E_GDBUS_TYPE_BOOLEAN: {
EGdbusCallStartBoolean start = start_func;
- start (proxy, * ((gboolean *) in_value), cancellable, e_gdbus_proxy_sync_ready_cb, &sync_data);
+ start (proxy, * ((gboolean *) in_value), cancellable, e_gdbus_proxy_sync_ready_cb, GINT_TO_POINTER (sync_opid));
} break;
case E_GDBUS_TYPE_STRING: {
EGdbusCallStartString start = start_func;
- start (proxy, (const gchar *) in_value, cancellable, e_gdbus_proxy_sync_ready_cb, &sync_data);
+ start (proxy, (const gchar *) in_value, cancellable, e_gdbus_proxy_sync_ready_cb, GINT_TO_POINTER (sync_opid));
} break;
case E_GDBUS_TYPE_STRV: {
EGdbusCallStartStrv start = start_func;
- start (proxy, (const gchar * const *) in_value, cancellable, e_gdbus_proxy_sync_ready_cb, &sync_data);
+ start (proxy, (const gchar * const *) in_value, cancellable, e_gdbus_proxy_sync_ready_cb, GINT_TO_POINTER (sync_opid));
} break;
case E_GDBUS_TYPE_UINT: {
EGdbusCallStartUint start = start_func;
- start (proxy, * ((guint *) in_value), cancellable, e_gdbus_proxy_sync_ready_cb, &sync_data);
+ start (proxy, * ((guint *) in_value), cancellable, e_gdbus_proxy_sync_ready_cb, GINT_TO_POINTER (sync_opid));
} break;
default:
g_warning ("%s: Unknown 'in' E_GDBUS_TYPE %x", G_STRFUNC, in_type);
e_flag_free (sync_data.flag);
+ g_object_set_data (G_OBJECT (proxy), sync_opid_ident, NULL);
+ g_free (sync_opid_ident);
+ g_object_unref (proxy);
return FALSE;
}
@@ -1502,8 +1576,12 @@ e_gdbus_proxy_call_sync (GDBusProxy *proxy,
/* is called in a dedicated thread */
e_flag_wait (sync_data.flag);
}
+ g_object_set_data (G_OBJECT (proxy), sync_opid_ident, NULL);
e_flag_free (sync_data.flag);
+ g_free (sync_opid_ident);
+ g_object_unref (proxy);
+
return sync_data.finish_result;
}
--
cgit v0.9.0.2