gdbus: Fix invalid memory access while unregistering
author Lucas De Marchi <lucas.demarchi@profusion.mobi>
Thu, 4 Oct 2012 20:42:33 +0000 (17:42 -0300)
committer Marcel Holtmann <marcel@holtmann.org>
Mon, 26 Nov 2012 13:44:48 +0000 (14:44 +0100)
commit b001a835f425f765ba29f1fe419200f04f95645e
tree c2f2cf5651f95e5e2b155b3793d030c0899d3044
parent ced8c2d5471ff55302f0f1a93230fe63c307532e

If an interface is added and removed on the same mainloop iteration,
ObjectManager would try to send InterfacesAdded signal while running the
idler because the interface was added to data->added list.

This is easily reproduced by forcing an error path in a plugin
registration, like on sap_server_register(), resulting in the following
error:

==11795== Invalid read of size 4
==11795==    at 0x496F592: dbus_message_iter_append_basic (dbus-message.c:2598)
==11795==    by 0x117B39: append_interface (object.c:554)
==11795==    by 0x48955E7: g_slist_foreach (gslist.c:840)
==11795==    by 0x11923B: process_changes (object.c:592)
==11795==    by 0x11956D: generic_unregister (object.c:980)
==11795==    by 0x4973BAC: _dbus_object_tree_unregister_and_unlock (dbus-object-tree.c:516)
==11795==    by 0x4965240: dbus_connection_unregister_object_path (dbus-connection.c:5776)
==11795==    by 0x1178A5: object_path_unref (object.c:1219)
==11795==    by 0x118517: g_dbus_unregister_interface (object.c:1344)
==11795==    by 0x19AF5B: sap_exit (sap.c:385)
==11795==    by 0x13E9E2: sap_server_register (server.c:1428)
==11795==    by 0x13C092: sap_server_probe (manager.c:44)

With this patch we don't send the InterfacesAdded signal, removing it
from data->added while unregistering.
gdbus/object.c
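
The pattern behind this fix, as an added example that is not the gdbus code and not part of the commit: a pending "added" list that a deferred flush walks later, and an unregister path that must unlink the entry before freeing it. All struct and function names and the interface names are hypothetical; the real change lives in gdbus/object.c.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, not gdbus code; every name here is hypothetical. */
struct iface {
    char *name;
    struct iface *next_added;      /* link in the pending "added" list */
};
struct object_data {
    struct iface *added;           /* queued for the deferred signal */
};

/* Register: allocate the interface and queue it for the deferred signal. */
struct iface *iface_register(struct object_data *d, const char *name)
{
    struct iface *i = calloc(1, sizeof(*i));
    if (!i || !(i->name = malloc(strlen(name) + 1))) { free(i); return NULL; }
    strcpy(i->name, name);
    i->next_added = d->added;
    d->added = i;
    return i;
}

/* Unregister: unlink from the pending list before freeing, so the deferred
 * flush never walks a pointer to freed memory. Without the loop, "added"
 * would keep a dangling entry for an interface removed before the flush. */
void iface_unregister(struct object_data *d, struct iface *i)
{
    for (struct iface **p = &d->added; *p; p = &(*p)->next_added)
        if (*p == i) { *p = i->next_added; break; }
    free(i->name);
    free(i);
}

/* Deferred flush: dereferences each queued interface (the point where an
 * invalid read would occur) and returns how many signals it would send. */
size_t flush_added(struct object_data *d)
{
    size_t sent = 0;
    while (d->added) {
        struct iface *i = d->added;
        d->added = i->next_added;
        i->next_added = NULL;
        sent += (i->name[0] != '\0');
    }
    return sent;
}
```

Building the model with -fsanitize=address, or running it under valgrind, and deleting the unlink loop shows the same class of invalid read as the trace in the commit message.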