From 8b9ed30d94dcfd52a7de68aa39937505599ce722 Mon Sep 17 00:00:00 2001 From: Jukka Rissanen Date: Mon, 15 Oct 2012 13:36:03 +0300 Subject: [PATCH] gresolv: Avoid accessing already freed memory We must remove the lookup from lookup queue and query from query queue before calling user callback. The callback might unref the GResolv which in turn would remove the lookup/query what we are trying to access after the callback is returned. So it is enough to remove the lookup or query entry from queue before cb is called and then manually remove it after the callback has returned. --- gweb/gresolv.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/gweb/gresolv.c b/gweb/gresolv.c index 77c1afb..440f43c 100644 --- a/gweb/gresolv.c +++ b/gweb/gresolv.c @@ -497,10 +497,11 @@ static void sort_and_return_results(struct resolv_lookup *lookup) status = lookup->ipv4_status; } + g_queue_remove(lookup->resolv->lookup_queue, lookup); + lookup->result_func(status, results, lookup->result_data); g_strfreev(results); - g_queue_remove(lookup->resolv->lookup_queue, lookup); destroy_lookup(lookup); } @@ -520,11 +521,12 @@ static gboolean query_timeout(gpointer user_data) lookup->ipv6_query = NULL; } + g_queue_remove(resolv->query_queue, query); + if (lookup->ipv4_query == NULL && lookup->ipv6_query == NULL) sort_and_return_results(lookup); destroy_query(query); - g_queue_remove(resolv->query_queue, query); return FALSE; } @@ -709,11 +711,12 @@ static void parse_response(struct resolv_nameserver *nameserver, } } + g_queue_remove(resolv->query_queue, query); + if (lookup->ipv4_query == NULL && lookup->ipv6_query == NULL) sort_and_return_results(lookup); destroy_query(query); - g_queue_remove(resolv->query_queue, query); } static gboolean received_udp_data(GIOChannel *channel, GIOCondition cond, -- 2.7.4