fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2025-12-29 19:30:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

bus: Don't explicitly clear BusConnections.monitors

Browse source 
Each connection that is an active monitor holds a pointer to its own
link in this list, via BusConnectionData.link_in_monitors. We can't
validly free the list while these pointers exist: that would be a
use-after-free, when each connection gets disconnected and tries to
remove itself from the list.

Instead, let each connection remove itself from the list, then assert
that the list has become empty.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/291
This commit is contained in:
Simon McVittie 2020-02-20 00:36:53 +00:00
parent b6fd40cef9
commit b034b83b59
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
bus/connection.c
View file

@ -543,9 +543,6 @@ bus_connections_unref (BusConnections *connections)
_dbus_assert (connections->n_incomplete == 0);
/* drop all monitors */
_dbus_list_clear (&connections->monitors);
/* drop all real connections */
while (connections->completed != NULL)
{
@ -561,6 +558,10 @@ bus_connections_unref (BusConnections *connections)
_dbus_assert (connections->n_completed == 0);
/* disconnecting all the connections should have emptied the list of
* monitors (each link is removed in bus_connection_disconnected) */
_dbus_assert (connections->monitors == NULL);
bus_expire_list_free (connections->pending_replies);
_dbus_loop_remove_timeout (bus_context_get_loop (connections->context),