[Spice-devel] [PATCH spice-gtk 02/16] Revert "channel-main: Fix dangling references to freed file-xfer-tasks on agent cancel"

Hans de Goede hdegoede at redhat.com
Tue Apr 9 03:07:55 PDT 2013


Hi,

On 04/09/2013 12:02 PM, Christophe Fergeau wrote:
> On Fri, Mar 29, 2013 at 12:40:14PM +0100, Hans de Goede wrote:
>> The fix from commit 19313a133af0d2404b29914b5937219127ad455b is incomplete;
>> this commit added code to file_xfer_close_cb, to remove any reference to
>> the task being closed from the flushing queue.
>>
>> But file_xfer_flushed / file_xfer_flush_async execute file_xfer_data_flushed_cb
>> from an idle handler, so it is possible that when file_xfer_close_cb runs and
>> frees the task, it is not part of the flushing queue, but a
>> file_xfer_data_flushed_cb with the task as user_data argument still needs to
>> run, and when it runs it will refer to the now-freed task.
>
> ACK, though I can't help wondering if using g_simple_async_result_complete
> instead of g_simple_async_result_complete_in_idle would not make things
> simpler. Or are these callbacks potentially running in a thread?

The flushing happens from the main channel coroutine.

Regards,

Hans
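
The ordering described in the quoted commit message (flush completes, close callback runs, idle callback runs last), as an added example that is not part of the original mail or of spice-gtk. All names are hypothetical, the "released" flag stands in for free(), and the reference-holding variant is one common mitigation, assumed here rather than taken from the patch series:

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model: names are hypothetical, not spice-gtk code. */
typedef struct { int refs; int released; } Task;
static Task *pending[8];      /* callbacks deferred to the next idle iteration */
static size_t n_pending;
static Task *flush_queue[8];  /* tasks still waiting to be flushed */
static size_t n_flush;

static void task_unref(Task *t) { if (--t->refs == 0) t->released = 1; /* stands in for free() */ }

/* Flush done: the task leaves the flushing queue, its callback is deferred to idle. */
static void flush_complete_in_idle(Task *t, int hold_ref) {
    flush_queue[0] = NULL;
    n_flush = 0;              /* single-task model: queue is now empty */
    if (hold_ref) t->refs++;  /* mitigation: the deferred callback owns a reference */
    pending[n_pending++] = t;
}

/* Close handler: scrubs the flushing queue (the incomplete fix), then drops the task. */
static void close_cb(Task *t) {
    for (size_t i = 0; i < n_flush; i++)
        if (flush_queue[i] == t) flush_queue[i] = NULL;
    task_unref(t);
}

/* Run deferred callbacks; returns how many were handed an already released task. */
static int run_idle(int hold_ref) {
    int stale = 0;
    for (size_t i = 0; i < n_pending; i++) {
        if (pending[i]->released) stale++;  /* real code would touch freed memory here */
        if (hold_ref) task_unref(pending[i]);
    }
    n_pending = 0;
    return stale;
}

/* Ordering from the commit message: flush completes, close runs, idle runs last. */
int simulate(int hold_ref) {
    static Task t;
    t.refs = 1; t.released = 0;
    flush_queue[0] = &t; n_flush = 1; n_pending = 0;
    flush_complete_in_idle(&t, hold_ref);
    close_cb(&t);
    return run_idle(hold_ref);
}

int main(void) {
    printf("stale callbacks: no ref=%d, ref held=%d\n", simulate(0), simulate(1));
    return 0;
}
```

Scrubbing the flushing queue in the close handler finds nothing to remove in this ordering, which is why the model counts a stale callback unless the deferred callback keeps the task alive.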

