From 1d5c815ecd3a5ac6032e7931491296e693b51ccd Mon Sep 17 00:00:00 2001
From: Wim Taymans <wim.taymans@collabora.co.uk>
Date: Thu, 30 May 2013 16:46:02 +0200
Subject: [PATCH] gmain: handle blocked source in g_source_add_child_source()

When a child_source is added to a blocked source it has no context, yet we
call block_source on it that segfaults when it dereferences the NULL context
when it attempts to remove the file descriptors. To fix this we:

- Ensure that when we block a source, we don't attempt to remove its file
  descriptors from a NULL context.

- Also ensure that when we attach a blocked source to a context, we don't add the
  file descriptors to the context.

https://bugzilla.gnome.org/show_bug.cgi?id=701283
---
 glib/gmain.c | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/glib/gmain.c b/glib/gmain.c
index cf219fe..3c66108 100644
--- a/glib/gmain.c
+++ b/glib/gmain.c
@@ -1118,15 +1118,18 @@ g_source_attach_unlocked (GSource      *source,
   source->ref_count++;
   source_add_to_context (source, context);
 
-  tmp_list = source->poll_fds;
-  while (tmp_list)
+  if (!SOURCE_BLOCKED (source))
     {
-      g_main_context_add_poll_unlocked (context, source->priority, tmp_list->data);
-      tmp_list = tmp_list->next;
-    }
+      tmp_list = source->poll_fds;
+      while (tmp_list)
+        {
+          g_main_context_add_poll_unlocked (context, source->priority, tmp_list->data);
+          tmp_list = tmp_list->next;
+        }
 
-  for (tmp_list = source->priv->fds; tmp_list; tmp_list = tmp_list->next)
-    g_main_context_add_poll_unlocked (context, source->priority, tmp_list->data);
+      for (tmp_list = source->priv->fds; tmp_list; tmp_list = tmp_list->next)
+        g_main_context_add_poll_unlocked (context, source->priority, tmp_list->data);
+    }
 
   tmp_list = source->priv->child_sources;
   while (tmp_list)
@@ -2941,15 +2944,18 @@ block_source (GSource *source)
 
   source->flags |= G_SOURCE_BLOCKED;
 
-  tmp_list = source->poll_fds;
-  while (tmp_list)
+  if (source->context)
     {
-      g_main_context_remove_poll_unlocked (source->context, tmp_list->data);
-      tmp_list = tmp_list->next;
-    }
+      tmp_list = source->poll_fds;
+      while (tmp_list)
+        {
+          g_main_context_remove_poll_unlocked (source->context, tmp_list->data);
+          tmp_list = tmp_list->next;
+        }
 
-  for (tmp_list = source->priv->fds; tmp_list; tmp_list = tmp_list->next)
-    g_main_context_remove_poll_unlocked (source->context, tmp_list->data);
+      for (tmp_list = source->priv->fds; tmp_list; tmp_list = tmp_list->next)
+        g_main_context_remove_poll_unlocked (source->context, tmp_list->data);
+    }
 
   if (source->priv && source->priv->child_sources)
     {
-- 
2.7.4