Accepting request 1120636 from GNOME:Factory
OBS-URL: https://build.opensuse.org/request/show/1120636 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glib2?expand=0&rev=273
This commit is contained in:
Ana Guerrero
Git OBS Bridge
commit
3f7e511067
@ -1,132 +0,0 @@
|
||||
From 82c764ce2e42f0d1032627dabcbd742d5f2bd8fa Mon Sep 17 00:00:00 2001
|
||||
From: Philip Withnall <philip@tecnocode.co.uk>
|
||||
Date: Mon, 11 Sep 2023 16:02:15 +0100
|
||||
Subject: [PATCH] gthreadedresolver: Fix race between source callbacks and
|
||||
finalize
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
I had thought that because `g_source_destroy()` was called for the two
|
||||
sources (cancel and timeout) in the `GTask` finalize function for a
|
||||
threaded resolver operation, that it would be fine to use a plain
|
||||
pointer in the source callbacks to point to the `GTask`.
|
||||
|
||||
That turns out to not be true: because the source callbacks are executed
|
||||
in the GLib worker thread, and the `GTask` can be finalized in another
|
||||
thread, it’s possible for a source callback (e.g. `cancelled_cb()`) to
|
||||
be scheduled in the worker thread, then for the `GTask` to be finalized,
|
||||
and then the source callback to continue execution and find itself
|
||||
doing a use-after-free.
|
||||
|
||||
Fix that by using a weak ref to the `GTask` in the source callbacks,
|
||||
rather than a plain pointer.
|
||||
|
||||
Signed-off-by: Philip Withnall <philip@tecnocode.co.uk>
|
||||
|
||||
Fixes: #3105
|
||||
---
|
||||
gio/gthreadedresolver.c | 43 +++++++++++++++++++++++++++++++++++------
|
||||
1 file changed, 37 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/gio/gthreadedresolver.c b/gio/gthreadedresolver.c
|
||||
index 2d94531bf..c7a567549 100644
|
||||
--- a/gio/gthreadedresolver.c
|
||||
+++ b/gio/gthreadedresolver.c
|
||||
@@ -1422,10 +1422,17 @@ lookup_records_finish (GResolver *resolver,
|
||||
static gboolean
|
||||
timeout_cb (gpointer user_data)
|
||||
{
|
||||
- GTask *task = G_TASK (user_data);
|
||||
- LookupData *data = g_task_get_task_data (task);
|
||||
+ GWeakRef *weak_task = user_data;
|
||||
+ GTask *task = NULL; /* (owned) */
|
||||
+ LookupData *data;
|
||||
gboolean should_return;
|
||||
|
||||
+ task = g_weak_ref_get (weak_task);
|
||||
+ if (task == NULL)
|
||||
+ return G_SOURCE_REMOVE;
|
||||
+
|
||||
+ data = g_task_get_task_data (task);
|
||||
+
|
||||
g_mutex_lock (&data->lock);
|
||||
|
||||
should_return = g_atomic_int_compare_and_exchange (&data->will_return, NOT_YET, TIMED_OUT);
|
||||
@@ -1443,6 +1450,8 @@ timeout_cb (gpointer user_data)
|
||||
g_cond_broadcast (&data->cond);
|
||||
g_mutex_unlock (&data->lock);
|
||||
|
||||
+ g_object_unref (task);
|
||||
+
|
||||
return G_SOURCE_REMOVE;
|
||||
}
|
||||
|
||||
@@ -1452,10 +1461,17 @@ static gboolean
|
||||
cancelled_cb (GCancellable *cancellable,
|
||||
gpointer user_data)
|
||||
{
|
||||
- GTask *task = G_TASK (user_data);
|
||||
- LookupData *data = g_task_get_task_data (task);
|
||||
+ GWeakRef *weak_task = user_data;
|
||||
+ GTask *task = NULL; /* (owned) */
|
||||
+ LookupData *data;
|
||||
gboolean should_return;
|
||||
|
||||
+ task = g_weak_ref_get (weak_task);
|
||||
+ if (task == NULL)
|
||||
+ return G_SOURCE_REMOVE;
|
||||
+
|
||||
+ data = g_task_get_task_data (task);
|
||||
+
|
||||
g_mutex_lock (&data->lock);
|
||||
|
||||
g_assert (g_cancellable_is_cancelled (cancellable));
|
||||
@@ -1473,9 +1489,18 @@ cancelled_cb (GCancellable *cancellable,
|
||||
g_cond_broadcast (&data->cond);
|
||||
g_mutex_unlock (&data->lock);
|
||||
|
||||
+ g_object_unref (task);
|
||||
+
|
||||
return G_SOURCE_REMOVE;
|
||||
}
|
||||
|
||||
+static void
|
||||
+weak_ref_clear_and_free (GWeakRef *weak_ref)
|
||||
+{
|
||||
+ g_weak_ref_clear (weak_ref);
|
||||
+ g_free (weak_ref);
|
||||
+}
|
||||
+
|
||||
static void
|
||||
run_task_in_thread_pool_async (GThreadedResolver *self,
|
||||
GTask *task)
|
||||
@@ -1490,17 +1515,23 @@ run_task_in_thread_pool_async (GThreadedResolver *self,
|
||||
|
||||
if (timeout_ms != 0)
|
||||
{
|
||||
+ GWeakRef *weak_task = g_new0 (GWeakRef, 1);
|
||||
+ g_weak_ref_set (weak_task, task);
|
||||
+
|
||||
data->timeout_source = g_timeout_source_new (timeout_ms);
|
||||
g_source_set_static_name (data->timeout_source, "[gio] threaded resolver timeout");
|
||||
- g_source_set_callback (data->timeout_source, G_SOURCE_FUNC (timeout_cb), task, NULL);
|
||||
+ g_source_set_callback (data->timeout_source, G_SOURCE_FUNC (timeout_cb), g_steal_pointer (&weak_task), (GDestroyNotify) weak_ref_clear_and_free);
|
||||
g_source_attach (data->timeout_source, GLIB_PRIVATE_CALL (g_get_worker_context) ());
|
||||
}
|
||||
|
||||
if (cancellable != NULL)
|
||||
{
|
||||
+ GWeakRef *weak_task = g_new0 (GWeakRef, 1);
|
||||
+ g_weak_ref_set (weak_task, task);
|
||||
+
|
||||
data->cancellable_source = g_cancellable_source_new (cancellable);
|
||||
g_source_set_static_name (data->cancellable_source, "[gio] threaded resolver cancellable");
|
||||
- g_source_set_callback (data->cancellable_source, G_SOURCE_FUNC (cancelled_cb), task, NULL);
|
||||
+ g_source_set_callback (data->cancellable_source, G_SOURCE_FUNC (cancelled_cb), g_steal_pointer (&weak_task), (GDestroyNotify) weak_ref_clear_and_free);
|
||||
g_source_attach (data->cancellable_source, GLIB_PRIVATE_CALL (g_get_worker_context) ());
|
||||
}
|
||||
|
||||
--
|
||||
2.42.0
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:44eaab8b720877ce303c5540b657b126f12dc94972d9880b52959f43fb537b30
|
||||
size 5327096
|
||||
3
glib-2.78.1.tar.xz
Normal file
3
glib-2.78.1.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:915bc3d0f8507d650ead3832e2f8fb670fce59aac4d7754a7dab6f1e6fed78b2
|
||||
size 5320740
|
||||
@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 25 13:18:49 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
- Update to version 2.78.1:
|
||||
+ Fix truncating files when `g_file_set_contents_full()` is
|
||||
called without `G_FILE_SET_CONTENTS_CONSISTENT`
|
||||
+ Fix `-Dlibelf=disabled` on Linux
|
||||
+ Bugs fixed:
|
||||
- NetworkManager 1.44.0 crashes repeatedly with glib 2.78.0
|
||||
- gsubprocess-testprog.c: build error with cygwin
|
||||
(sys/ptrace.h: No such file or directory)
|
||||
- gio clears modification time in microseconds when setting
|
||||
with `set_modification_date_time`
|
||||
- Build of glib 2.78.0 ignores -Dlibelf=disabled
|
||||
- glib-2.78.0 fails at gio/tests/gsubprocess.p/gsubprocess.c.o
|
||||
- Segfault when creating GIO GPropertyAction without properties
|
||||
- `g_file_set_contents_full()` doesn't truncate the file
|
||||
(without `G_FILE_SET_CONTENTS_CONSISTENT`)
|
||||
- guniprop.c: Avoid creating (temporarily) out-of-bounds
|
||||
pointers
|
||||
- Fixes for integer cast warnings when targeting CHERI
|
||||
- Fix test_find_program on FreeBSD
|
||||
- gconstructor.h: Ensure [c|d]tor prototypes are present for
|
||||
MSVC
|
||||
- Fix gutils-user-database test on macOS
|
||||
- Add value annotation to G_TYPE_FUNDAMENTAL_MAX
|
||||
- meson: Fix Windows build with PCRE2 as sibling subproject
|
||||
- gconstructor.h: Ensure [c|d]tor prototypes are present for
|
||||
MSVC
|
||||
- glocalfileinfo: Preserve microseconds for access/modify times
|
||||
- Make sure the `GTask` is freed on a graceful disconnect
|
||||
- Buffer needs to be aligned correctly to receive
|
||||
linux_dirent64.
|
||||
- gtestutils.h: Fix warning with -Wsign-conversion caused by
|
||||
g_assert_cmpint
|
||||
- tests: Drop unnecessary include from gsubprocess-testprog.c
|
||||
- wakeup: do single read when using eventfd()
|
||||
- wakeup: Fix g_wakeup_acknowledge if signal comes in”
|
||||
- Use g_task_return in task threads
|
||||
- build: Fix -Dlibelf=disabled on Linux
|
||||
- gfileutils: Add a missing ftruncate() call when writing files
|
||||
+ Updated translations.
|
||||
- Drop 0005-gthreadedresolver-Fix-race.patch: Fixed upstream.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 24 08:22:09 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
%define libgthread libgthread-%{libver}
|
||||
%bcond_without systemtap
|
||||
Name: glib2%{psuffix}
|
||||
Version: 2.78.0
|
||||
Version: 2.78.1
|
||||
Release: 0
|
||||
Summary: General-Purpose Utility Library
|
||||
License: LGPL-2.1-or-later
|
||||
@ -56,8 +56,6 @@ Patch1: glib2-fate300461-gettext-gkeyfile-suse.patch
|
||||
Patch2: glib2-suppress-schema-deprecated-path-warning.patch
|
||||
# PATCH-FIX-OPENSUSE glib2-gdbus-codegen-version.patch olaf@aepfle.de -- Remove version string from files generated by gdbus-codegen
|
||||
Patch4: glib2-gdbus-codegen-version.patch
|
||||
# PATCH-FIX-OPENSUSE 0005-gthreadedresolver-Fix-race.patch bsc#1215709 -- Backport patch to fix race between source callbacks and finalize causing NM to crash repeatedly
|
||||
Patch5: 0005-gthreadedresolver-Fix-race.patch
|
||||
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: fdupes
|
||||
@ -263,7 +261,6 @@ the functionality of the installed glib2 package.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
|
||||
cp -a %{SOURCE1} %{SOURCE2} %{SOURCE5} .
|
||||
cp -a %{SOURCE4} gnome_defaults.conf
|
||||
|
||||
Loading…
Reference in New Issue
Block a user