diff options
| author | Simon McVittie <smcv@collabora.com> | 2020-02-20 00:36:53 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@collabora.com> | 2020-02-20 12:43:34 +0000 |
| commit | b034b83b59efffd4cc819ad42d0cd078d91d53df (patch) | |
| tree | 4b2224b1fc00fc78fda2e9a3003b0275254b85fa | |
| parent | b6fd40cef9aaebeff7f9653c0b7e18f43695d72f (diff) | |
| download | dbus-b034b83b59efffd4cc819ad42d0cd078d91d53df.tar.gz | |
bus: Don't explicitly clear BusConnections.monitors
Each connection that is an active monitor holds a pointer to its own
link in this list, via BusConnectionData.link_in_monitors. We can't
validly free the list while these pointers exist: that would be a
use-after-free, when each connection gets disconnected and tries to
remove itself from the list.
Instead, let each connection remove itself from the list, then assert
that the list has become empty.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/291
| -rw-r--r-- | bus/connection.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/bus/connection.c b/bus/connection.c index b1b6bdd5..add1c8b8 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -543,9 +543,6 @@ bus_connections_unref (BusConnections *connections) _dbus_assert (connections->n_incomplete == 0); - /* drop all monitors */ - _dbus_list_clear (&connections->monitors); - /* drop all real connections */ while (connections->completed != NULL) { @@ -561,6 +558,10 @@ bus_connections_unref (BusConnections *connections) _dbus_assert (connections->n_completed == 0); + /* disconnecting all the connections should have emptied the list of + * monitors (each link is removed in bus_connection_disconnected) */ + _dbus_assert (connections->monitors == NULL); + bus_expire_list_free (connections->pending_replies); _dbus_loop_remove_timeout (bus_context_get_loop (connections->context), |