[pulseaudio-discuss] [PATCH] module: Always remove freed module from modules_pending_unload

[David Henningsson]

pa_module_free is called from more than one place, not all of
these places correctly removed the module from the
modules_pending_unload array, potentially causing a dangling pointer
in that array.

Signed-off-by: David Henningsson <david.henningsson at canonical.com>
---

This was found while investigating Pierre's latest comment in
https://bugs.freedesktop.org/show_bug.cgi?id=90108

Pierre, can you see if this solves the problem for you?

 src/pulsecore/module.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/pulsecore/module.c b/src/pulsecore/module.c
index 1d4187e..a83a706 100644
--- a/src/pulsecore/module.c
+++ b/src/pulsecore/module.c
@@ -248,6 +248,8 @@ static void pa_module_free(pa_module *m) {
 
     lt_dlclose(m->dl);
 
+    pa_hashmap_remove(m->core->modules_pending_unload, m);
+
     pa_log_info("Unloaded \"%s\" (index: #%u).", m->name, m->index);
 
     pa_subscription_post(m->core, PA_SUBSCRIPTION_EVENT_MODULE|PA_SUBSCRIPTION_EVENT_REMOVE, m->index);
@@ -264,8 +266,6 @@ void pa_module_unload(pa_core *c, pa_module *m, bool force) {
     if (m->core->disallow_module_loading && !force)
         return;
 
-    pa_hashmap_remove(c->modules_pending_unload, m);
-
     if (!(m = pa_idxset_remove_by_data(c->modules, m, NULL)))
         return;
 
@@ -323,6 +323,7 @@ void pa_module_unload_all(pa_core *c) {
         c->mainloop->defer_free(c->module_defer_unload_event);
         c->module_defer_unload_event = NULL;
     }
+    pa_assert(pa_idxset_isempty(c->modules_pending_unload));
 }
 
 static void defer_cb(pa_mainloop_api*api, pa_defer_event *e, void *userdata) {
-- 
1.9.1