Crashes in g_hash_table_iter_next call

[Aleksander Morgado]

Hey

> With different versions of ModemManager (1.6.12, 1.6.4, 1.4.2), we have seen (rarely) segfault crashes in g_hash_table_iter_next called by mm_base_modem_find_ports because the hash table corresponding to ports is NULL.
> When the crash occurs, in mm_base_modem_find_ports (mm-base-modem.c),  "self->priv->ports" and "self->priv->authp"  are NULL. It seems that they can be NULL only if dispose was called before but the reference count of the object is not equal to 0 (7 for example). Maybe because g_object_run_dispose was called.
> Unfortunately, we do not have a method to reproduce these crashes even if it seems to occur at modem unplug (huawei models - broadband).
> Is it a known problem?
>

I believe we should be checking for self->priv->ports being not NULL
in that method, that should solve this problem. This looks like a race
when the modem gets unplugged indeed, but my impression is that a
dangling modem reference left unref-ed could also increase the chances
of this occurring. Have you not found the issue with MM 1.8? Or just
not tried?

-- 
Aleksander
https://aleksander.es