authorMiloslav Trmač <mitr@redhat.com>2015-04-14 22:27:41 +0200
committerMiloslav Trmač <mitr@redhat.com>2015-06-23 18:57:56 +0200
commitefb6cd56a423ba15bb1f44ee3c4987aad5a5fd45 (patch)
tree845078be27b984924f7f1183a64d668a3811a169
parent9f5e0c731784003bd4d6fc75ab739ff8b2ea269f (diff)
Fix use-after-free in polkitagentsession.c
PolkitAgentTextListener's "completed" handler drops the last reference to the session; in fact this is explicitly recommended in the signal's documentation. So we must not access any members of session after emitting the signal. Found while dealing with https://bugs.freedesktop.org/show_bug.cgi?id=69501
-rw-r--r--src/polkitagent/polkitagentsession.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
index 8b93ad0..895d75e 100644
--- a/src/polkitagent/polkitagentsession.c
+++ b/src/polkitagent/polkitagentsession.c
@@ -412,8 +412,9 @@ complete_session (PolkitAgentSession *session,
{
if (G_UNLIKELY (_show_debug ()))
g_print ("PolkitAgentSession: emitting ::completed(%s)\n", result ? "TRUE" : "FALSE");
- g_signal_emit_by_name (session, "completed", result);
session->have_emitted_completed = TRUE;
+ /* Note that the signal handler may drop the last reference to session. */
+ g_signal_emit_by_name (session, "completed", result);
}
}
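Review bot: The new comment records the lifetime hazard only inside complete_session(), but every caller inherits it: once this function returns, `session` may already be freed, so a caller that reads or writes `session` afterwards has the same use-after-free. The function starts above the hunk and its callers are not visible here, so they would need to be checked. I would state the contract on the function header, e.g. `/* May drop the last reference: session must not be used after this returns. */`. Alternatively, callers that still need the object can take `g_object_ref (session)` before the call and `g_object_unref (session)` once they are done.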