edbus: Fix invalid access memory in edbus_service_interface_unregister()

_object_unregister is called synchronized by libdbus, so when _interface_free() ran
your object its already freed.

==30579== Invalid read of size 4
==30579==    at 0x4775190: _find_object_manager_parent (edbus_service.c:803)
==30579==    by 0x4775292: _interface_free (edbus_service.c:1011)
==30579==    by 0x4777F1D: edbus_service_interface_unregister (edbus_service.c:1101)
==30579==    by 0x40CBD28: elm_dbus_menu_delete (elm_dbus_menu.c:128)
==30579==    by 0x414552F: _elm_menu_smart_del (elm_menu.c:562)
==30579==    by 0x4810F39: _eo_op_internal (eo.c:363)
==30579==    by 0x4812E1B: eo_do_internal (eo.c:403)
==30579==    by 0x4279D02: evas_object_smart_del (evas_object_smart.c:1080)

Patch by: José Roberto de Souza  <zehortigoza@profusion.mobi>

SVN revision: 81180

diff --git a/legacy/edbus/src/lib/edbus_service.c b/legacy/edbus/src/lib/edbus_service.c
index 0eeee8c..a68ea8a 100644 (file)
--- a/legacy/edbus/src/lib/edbus_service.c
+++ b/legacy/edbus/src/lib/edbus_service.c
@@ -1095,9 +1095,14 @@ EAPI void
 edbus_service_interface_unregister(EDBus_Service_Interface *iface)
 {
    EDBUS_SERVICE_INTERFACE_CHECK(iface);
+   if (!eina_hash_find(iface->obj->interfaces, objmanager->name))
+     {
+        //properties + introspectable + iface that user wants unregister
+        if (eina_hash_population(iface->obj->interfaces) < 4)
+          edbus_service_object_unregister(iface);
+        return;
+     }
    eina_hash_del(iface->obj->interfaces, NULL, iface);
-   if (eina_hash_population(iface->obj->interfaces) < 3)
-     edbus_service_object_unregister(iface);
    _interface_free(iface);
 }