Fix deadlock in g_object_remove_toggle_ref()

The code section guarded with toggle_refs_mutex includes a call to
g_object_unref(), which may call toggle_refs_notify(). As the latter
tries to acquire the same mutex, glib locks up.

https://bugzilla.gnome.org/show_bug.cgi?id=632884

diff --git a/gobject/gobject.c b/gobject/gobject.c
index ba19611..49eff4d 100644 (file)
--- a/gobject/gobject.c
+++ b/gobject/gobject.c
@@ -2587,14 +2587,14 @@ g_object_remove_toggle_ref (GObject       *object,
            if (tstack->n_toggle_refs == 0)
              g_datalist_unset_flags (&object->qdata, OBJECT_HAS_TOGGLE_REF_FLAG);
 
-           g_object_unref (object);
-           
            break;
          }
     }
   G_UNLOCK (toggle_refs_mutex);
-  
-  if (!found_one)
+
+  if (found_one)
+    g_object_unref (object);
+  else
     g_warning ("%s: couldn't find toggle ref %p(%p)", G_STRFUNC, notify, data);
 }