gdbus/watch: Fix crash when g_dbus_remove_watch is called from connect callback

 at 0x40570C: update_service (watch.c:601)
 by 0x40584B: service_reply (watch.c:627)
 by 0x3B0700C511: ??? (in /usr/lib64/libdbus-1.so.3.7.4)
 by 0x3B0700F740: dbus_connection_dispatch (in /usr/lib64/libdbus-1.so.3.7.4)
 by 0x405167: message_dispatch (mainloop.c:76)
 by 0x3B03C48962: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
 by 0x3B03C47E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
 by 0x3B03C48157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
 by 0x3B03C48559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
Address 0x4c58a30 is 32 bytes inside a block of size 56 free'd
 at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
 by 0x3B03C4D9AE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.3)
 by 0x406102: filter_data_remove_callback (watch.c:378)
 by 0x405FC0: g_dbus_remove_watch (watch.c:798)
 by 0x40A22B: g_dbus_client_unref (client.c:1227)
 by 0x40570B: update_service (watch.c:599)
 by 0x40584B: service_reply (watch.c:627)

diff --git a/gdbus/watch.c b/gdbus/watch.c
index 9e4f994..ed3bc42 100644 (file)
--- a/gdbus/watch.c
+++ b/gdbus/watch.c
@@ -593,12 +593,16 @@ static gboolean update_service(void *user_data)
 {
        struct service_data *data = user_data;
        struct filter_callback *cb = data->callback;
+       DBusConnection *conn;
 
        update_name_cache(data->name, data->owner);
+       conn = dbus_connection_ref(data->conn);
+       service_data_free(data);
+
        if (cb->conn_func)
-               cb->conn_func(data->conn, cb->user_data);
+               cb->conn_func(conn, cb->user_data);
 
-       service_data_free(data);
+       dbus_connection_unref(conn);
 
        return FALSE;
 }