[Bug 24333] New: Call dbus_g_proxy_disconnect_signal() with an "almost-freed" parameter
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Oct 5 22:57:24 CEST 2009
http://bugs.freedesktop.org/show_bug.cgi?id=24333
Summary: Call dbus_g_proxy_disconnect_signal() with an "almost-
freed" parameter
Product: Telepathy
Version: unspecified
Platform: Other
OS/Version: All
Status: NEW
Severity: normal
Priority: medium
Component: tp-glib
AssignedTo: telepathy-bugs at lists.freedesktop.org
ReportedBy: alban.crequy at collabora.co.uk
telepathy-glib/proxy-signals.c
tp_proxy_signal_connection_disconnect_dbus_glib() line 87:
> dbus_g_proxy_disconnect_signal (iface_proxy, sc->member,
> sc->collect_args, (gpointer) sc);
The variable sc->member is not freed before the call but it will be freed
during the call by this stack:
==9440== at 0x4024866: free (vg_replace_malloc.c:325)
==9440== by 0x5C26FE5: g_free (gmem.c:190)
==9440== by 0x4366828: tp_proxy_signal_connection_unref
(proxy-signals.c:174)
==9440== by 0x5BAD932: g_closure_unref (gclosure.c:254)
==9440== by 0x5BC3C50: signal_handlers_foreach_matched_R (gsignal.c:637)
==9440== by 0x5BC3E15: g_signal_handlers_disconnect_matched (gsignal.c:2673)
==9440== by 0x425926E: dbus_g_proxy_disconnect_signal (dbus-gproxy.c:3033)
It means the implementation of dbus_g_proxy_disconnect_signal() cannot read its
parameter "signal_name" after the signal disconnection although the parameter
is supposedly "const".
It is not a problem with the current version of dbus-glib because it does not
read the parameter after the disconnection. But it is surprising, I think
tp-glib should not give a parameter that it is going to free before the end of
the call.
I found this problem while hacking on Bug #23846.
--
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the telepathy-bugs
mailing list