diff options
| author | Nick Schermer <nick@xfce.org> | 2009-12-26 13:36:09 +0100 |
|---|---|---|
| committer | Nick Schermer <nick@xfce.org> | 2009-12-26 13:36:09 +0100 |
| commit | 6b3dc965b9d5b20d9dd97f2b79cd99d95324546f (patch) | |
| tree | ffb6dd12084dd58e3f50624f0c02596ddd5dfb81 /xfconf/xfconf-cache.c | |
| parent | 20aaa3a4079cb797d040dab4a3ea12a34ac0a960 (diff) | |
| download | xfconf-6b3dc965b9d5b20d9dd97f2b79cd99d95324546f.tar.gz | |
Fix segfault triggered by object-bindings test.
It turned out the object bindings code triggered a bug
in the cache code because it edits multiple properties
with the same name in a short time and then destroying
the channel.
This left a number (6) of pending call keys in one of the
hash tables with the same value resulting in double frees
when destroying the table.
To fix this steal the item from the table when cancelling
the dbus call, then the old_item we insert again is then
not freed and exists only once in the table.
Diffstat (limited to 'xfconf/xfconf-cache.c')
| -rw-r--r-- | xfconf/xfconf-cache.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/xfconf/xfconf-cache.c b/xfconf/xfconf-cache.c index d7d8504..b6bffe7 100644 --- a/xfconf/xfconf-cache.c +++ b/xfconf/xfconf-cache.c @@ -757,9 +757,12 @@ xfconf_cache_set(XfconfCache *cache, /* if we have an old item, it means that a previous set * call hasn't returned yet. let's cancel that call and * throw away the current not-yet-committed value of - * the property. */ + * the property. + * we also steal the old_item from the pending_calls table + * so there are no pending item left. */ if(old_item->call) { dbus_g_proxy_cancel_call(proxy, old_item->call); + g_hash_table_steal(cache->pending_calls, old_item->call); old_item->call = NULL; } } else { |