From 007d945467499f43656b141171d31f5643b83a6c Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Fri, 24 Feb 2023 22:25:07 +0100
Subject: uclient: cancel state change timeout in uclient_disconnect()

When the uloop is ended right after the state change timeout has been
armed, the timeout will never be cancelled, without a way for the
libuclient user to clean up. When uclient_free() is then called on the
uclient context while the uloop is still live, the entry in uloop's timeout
list will be dangling, often resulting in a segfault when new timeouts are
added or the timeout list is cleaned up in uloop_done().

Fix this by cancelling the timeout in uclient_disconnect().

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
---
 uclient.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/uclient.c b/uclient.c
index a372d4a..ce76bcf 100644
--- a/uclient.c
+++ b/uclient.c
@@ -372,6 +372,7 @@ int uclient_read(struct uclient *cl, char *buf, int len)
 void uclient_disconnect(struct uclient *cl)
 {
 	uloop_timeout_cancel(&cl->connection_timeout);
+	uloop_timeout_cancel(&cl->timeout);
 
 	if (!cl->backend->disconnect)
 		return;
-- 
cgit v1.2.1