[glib2/f20] Resolves: rhbz#1035423 - Use after free causes critical warnings in g-s-d, potential crasher

rtcm rtcm at fedoraproject.org
Wed Nov 27 17:37:49 UTC 2013


commit 5dc417513015e0d99f98c30120b885b0fbe65999
Author: Rui Matos <tiagomatos at gmail.com>
Date:   Wed Nov 27 17:42:58 2013 +0100

    Resolves: rhbz#1035423 - Use after free causes critical warnings in g-s-d, potential crasher
    
    Add upstream patch for
    https://bugzilla.gnome.org/show_bug.cgi?id=719402, aka rhbz#1035423

 ...ManagerClient-keep-the-manager-alive-whil.patch |   87 ++++++++++++++++++++
 glib2.spec                                         |   10 ++-
 2 files changed, 96 insertions(+), 1 deletions(-)
---
diff --git a/0001-GDBusObjectManagerClient-keep-the-manager-alive-whil.patch b/0001-GDBusObjectManagerClient-keep-the-manager-alive-whil.patch
new file mode 100644
index 0000000..48a8c51
--- /dev/null
+++ b/0001-GDBusObjectManagerClient-keep-the-manager-alive-whil.patch
@@ -0,0 +1,87 @@
+From 1300108e0c50e70d5414c195649ad41419074e1a Mon Sep 17 00:00:00 2001
+From: Rui Matos <tiagomatos at gmail.com>
+Date: Wed, 27 Nov 2013 14:32:05 +0100
+Subject: [PATCH] GDBusObjectManagerClient: keep the manager alive while firing
+ signals
+
+Handlers for the signals we emit might unref the object manager. Make
+sure we keep it alive until we are done with it.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=719402
+---
+ gio/gdbusobjectmanagerclient.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/gio/gdbusobjectmanagerclient.c b/gio/gdbusobjectmanagerclient.c
+index d9ccf71..f33ca21 100644
+--- a/gio/gdbusobjectmanagerclient.c
++++ b/gio/gdbusobjectmanagerclient.c
+@@ -1006,6 +1006,7 @@ signal_cb (GDBusConnection *connection,
+ 
+   //g_debug ("yay, signal_cb %s %s: %s\n", signal_name, object_path, g_variant_print (parameters, TRUE));
+ 
++  g_object_ref (manager);
+   if (g_strcmp0 (interface_name, "org.freedesktop.DBus.Properties") == 0)
+     {
+       if (g_strcmp0 (signal_name, "PropertiesChanged") == 0)
+@@ -1087,6 +1088,7 @@ signal_cb (GDBusConnection *connection,
+           g_object_unref (interface);
+         }
+     }
++  g_object_unref (manager);
+ 
+  out:
+   g_clear_object (&object_proxy);
+@@ -1243,6 +1245,7 @@ on_notify_g_name_owner (GObject    *object,
+   new_name_owner = g_dbus_proxy_get_name_owner (manager->priv->control_proxy);
+   manager->priv->name_owner = NULL;
+ 
++  g_object_ref (manager);
+   if (g_strcmp0 (old_name_owner, new_name_owner) != 0)
+     {
+       GList *l;
+@@ -1319,6 +1322,7 @@ on_notify_g_name_owner (GObject    *object,
+ 
+     }
+   g_free (old_name_owner);
++  g_object_unref (manager);
+ }
+ 
+ static gboolean
+@@ -1543,6 +1547,7 @@ add_interfaces (GDBusObjectManagerClient *manager,
+   g_mutex_unlock (&manager->priv->lock);
+ 
+   /* now that we don't hold the lock any more, emit signals */
++  g_object_ref (manager);
+   for (l = interface_added_signals; l != NULL; l = l->next)
+     {
+       interface_proxy = G_DBUS_PROXY (l->data);
+@@ -1558,8 +1563,8 @@ add_interfaces (GDBusObjectManagerClient *manager,
+                            op);
+       g_signal_emit_by_name (manager, "object-added", op);
+     }
++  g_object_unref (manager);
+   g_object_unref (op);
+-
+ }
+ 
+ static void
+@@ -1592,6 +1597,7 @@ remove_interfaces (GDBusObjectManagerClient   *manager,
+   num_interfaces_to_remove = g_strv_length ((gchar **) interface_names);
+ 
+   /* see if we are going to completety remove the object */
++  g_object_ref (manager);
+   if (num_interfaces_to_remove == num_interfaces)
+     {
+       g_object_ref (op);
+@@ -1617,6 +1623,7 @@ remove_interfaces (GDBusObjectManagerClient   *manager,
+         }
+       g_object_unref (op);
+     }
++  g_object_unref (manager);
+  out:
+   ;
+ }
+-- 
+1.8.3.1
+
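Review bot: In signal_cb and remove_interfaces the new `g_object_unref (manager);` sits just above the `out:` label, so the pairing only balances if no `goto out` can be reached after the new `g_object_ref (manager);`. The jumps to `out` lie outside the context shown in these hunks, so this should be confirmed against the full functions. A short comment at each ref, for example `/* hold a ref: signal handlers may drop the last reference to manager */`, would record why the reference is taken and warn later editors not to add an early exit between the pair. The temporary reference covers handlers that unref during emission. It presumably does not help if the manager is already being finalized when one of these callbacks is entered, which would have to be addressed where the callbacks are registered rather than here.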
diff --git a/glib2.spec b/glib2.spec
index 05f9434..b409481 100644
--- a/glib2.spec
+++ b/glib2.spec
@@ -3,13 +3,15 @@
 Summary: A library of handy utility functions
 Name: glib2
 Version: 2.38.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 URL: http://www.gtk.org
 #VCS: git:git://git.gnome.org/glib
 Source: http://download.gnome.org/sources/glib/2.38/glib-%{version}.tar.xz
 
+Patch0: 0001-GDBusObjectManagerClient-keep-the-manager-alive-whil.patch
+
 BuildRequires: pkgconfig
 BuildRequires: gettext
 BuildRequires: libattr-devel
@@ -76,6 +78,8 @@ the functionality of the installed glib2 package.
 %prep
 %setup -q -n glib-%{version}
 
+%patch0 -p1
+
 # Workaround wrong gtk-doc.make timestamp
 # https://bugzilla.gnome.org/show_bug.cgi?id=700350
 touch -r Makefile.am gtk-doc.make
@@ -205,6 +209,10 @@ gio-querymodules-%{__isa_bits} %{_libdir}/gio/modules
 %{_datadir}/installed-tests
 
 %changelog
+* Wed Nov 27 2013 Rui Matos <rmatos at redhat.com> - 2.38.2-2
+- Add upstream patch for https://bugzilla.gnome.org/show_bug.cgi?id=719402
+- Resolves: rhbz#1035423 - Use after free causes critical warnings in g-s-d, potential crasher
+
 * Tue Nov 12 2013 Richard Hughes <rhughes at redhat.com> - 2.38.2-1
 - Update to 2.38.2
 

