From 58500b3b8bf8f06b04f1d349daa1cae4e46915b8 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Wed, 9 Apr 2014 14:05:08 +0200 Subject: [PATCH] core: fix freeing pending activations in dispose() of device activate_data_free() deletes the data from priv->pending_activation_checks, thus iterating over the list with g_slist_free_full() causes a double free or invalid memory access. This bug does not hit easily, because the policy only get's disposed when NM shuts down and then there are likely no pending activations queued. Fixes regression introduced by commit 4f0c70e94534abafde6a0459af74b68a7da724d9. Signed-off-by: Thomas Haller --- src/nm-policy.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/nm-policy.c b/src/nm-policy.c index f569b75360..f454d90fbf 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -2165,8 +2165,8 @@ dispose (GObject *object) g_clear_object (&priv->lookup_addr); g_clear_object (&priv->resolver); - g_slist_free_full (priv->pending_activation_checks, (GDestroyNotify) activate_data_free); - priv->pending_activation_checks = NULL; + while (priv->pending_activation_checks) + activate_data_free (priv->pending_activation_checks->data); g_slist_free_full (priv->pending_secondaries, (GDestroyNotify) pending_secondary_data_free); priv->pending_secondaries = NULL;