fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-07 20:40:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

settings: fix a crash in emit_updated() accessing invalid pointer

Browse source 
by disconnecting signal handlers in dispose().

Commit 6a19e68a moved nm_connection_clear_secrets() from plugins' finalize() to
NMSettingsConnection's dispose(). But clearing secrets emits "changed" signal
which cause changed_cb() to be called and emit_updated() scheduled. And
emit_updated() was called later after finalize() on released object.

The crash can be invoked by having two keyfile connection files with the same
uuid in them.

Backtrace:
 (NetworkManager:12262): GLib-GObject-WARNING **: attempt to retrieve private data for invalid type 'NMSettingsConnection'
 Program received signal SIGSEGV, Segmentation fault.
 emit_updated (self=0xf38dd0 [NMSettingConnection]) at settings/nm-settings-connection.c:401
 401		NM_SETTINGS_CONNECTION_GET_PRIVATE (self)->updated_idle_id = 0;
 (gdb) bt
 #0  emit_updated (self=0xf38dd0 [NMSettingConnection]) at settings/nm-settings-connection.c:401
 #1  0x0000003c49647825 in g_main_dispatch (context=0x785970) at gmain.c:2539
 #2  g_main_context_dispatch (context=context@entry=0x785970) at gmain.c:3075
 #3  0x0000003c49647b58 in g_main_context_iterate (context=0x785970, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3146
 #4  0x0000003c49647f52 in g_main_loop_run (loop=0x7857c0) at gmain.c:3340
 #5  0x000000000042d4e9 in main (argc=1, argv=0x7fffffffe508) at main.c:679
This commit is contained in:
Jiří Klimeš 2014-08-28 09:10:37 +02:00
parent 94758eb688
commit f6b4ab7d3b
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/settings/nm-settings-connection.c
View file

@ -2044,6 +2044,13 @@ dispose (GObject *object)
priv->updated_idle_id = 0;
}
/* Disconnect handlers.
* changed_cb() has to be disconnected *before* nm_connection_clear_secrets(),
* because nm_connection_clear_secrets() emits NM_CONNECTION_CHANGED signal.
*/
g_signal_handlers_disconnect_by_func (self, G_CALLBACK (secrets_cleared_cb), NULL);
g_signal_handlers_disconnect_by_func (self, G_CALLBACK (changed_cb), GUINT_TO_POINTER (TRUE));
nm_connection_clear_secrets (NM_CONNECTION (self));
g_clear_object (&priv->system_secrets);
g_clear_object (&priv->agent_secrets);