glib r7447 - in trunk: . glib

[matthiasc svn gnome org]

Author: matthiasc
Date: Tue Sep  9 06:04:21 2008
New Revision: 7447
URL: http://svn.gnome.org/viewvc/glib?rev=7447&view=rev

Log:
2008-09-09  Matthias Clasen  <mclasen redhat com>

        Bug 523463 â Core dump in gmain.c:2482:IA__g_main_context_check()

        * glib/gmain.c (g_main_context_check): Be robust against setting
        event fields on the fly, as e.g. happens in linc. Tracked down
        by Paul Smith, fix proposed by Owen Taylor.


Modified:
   trunk/ChangeLog
   trunk/glib/gmain.c

Modified: trunk/glib/gmain.c
==============================================================================
--- trunk/glib/gmain.c	(original)
+++ trunk/glib/gmain.c	Tue Sep  9 06:04:21 2008
@@ -2525,23 +2525,25 @@
   n_poll = 0;
   while (pollrec && max_priority >= pollrec->priority)
     {
-      if (pollrec->fd->events)
+      /* We need to include entries with fd->events == 0 in the array because
+       * otherwise if the application changes fd->events behind our back and 
+       * makes it non-zero, we'll be out of sync when we check the fds[] array.
+       * (Changing fd->events after adding an FD wasn't an anticipated use of 
+       * this API, but it occurs in practice.) */
+      if (n_poll < n_fds)
 	{
-	  if (n_poll < n_fds)
-	    {
-	      fds[n_poll].fd = pollrec->fd->fd;
-	      /* In direct contradiction to the Unix98 spec, IRIX runs into
-	       * difficulty if you pass in POLLERR, POLLHUP or POLLNVAL
-	       * flags in the events field of the pollfd while it should
-	       * just ignoring them. So we mask them out here.
-	       */
-	      fds[n_poll].events = pollrec->fd->events & ~(G_IO_ERR|G_IO_HUP|G_IO_NVAL);
-	      fds[n_poll].revents = 0;
-	    }
-	  n_poll++;
+	  fds[n_poll].fd = pollrec->fd->fd;
+	  /* In direct contradiction to the Unix98 spec, IRIX runs into
+	   * difficulty if you pass in POLLERR, POLLHUP or POLLNVAL
+	   * flags in the events field of the pollfd while it should
+	   * just ignoring them. So we mask them out here.
+	   */
+	  fds[n_poll].events = pollrec->fd->events & ~(G_IO_ERR|G_IO_HUP|G_IO_NVAL);
+	  fds[n_poll].revents = 0;
 	}
-      
+
       pollrec = pollrec->next;
+      n_poll++;
     }
 
 #ifdef G_THREADS_ENABLED
@@ -2582,7 +2584,7 @@
   GPollRec *pollrec;
   gint n_ready = 0;
   gint i;
-  
+   
   LOCK_CONTEXT (context);
 
   if (context->in_check_or_prepare)
@@ -2619,11 +2621,10 @@
   while (i < n_fds)
     {
       if (pollrec->fd->events)
-	{
-	  pollrec->fd->revents = fds[i].revents;
-	  i++;
-	}
+	pollrec->fd->revents = fds[i].revents;
+
       pollrec = pollrec->next;
+      i++;
     }
 
   source = next_valid_source (context, NULL);