[evolution-data-server] Crash under e-data-cal-view.c:pending_flush_timeout_cb()
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution-data-server] Crash under e-data-cal-view.c:pending_flush_timeout_cb()
- Date: Fri, 6 Oct 2017 06:23:59 +0000 (UTC)
commit 695a5effa23b5f682f3316f964eecda871d062ed
Author: Milan Crha <mcrha redhat com>
Date: Fri Oct 6 08:20:56 2017 +0200
Crash under e-data-cal-view.c:pending_flush_timeout_cb()
There could happen (with proper thread interleaving) a crash under
pending_flush_timeout_cb() when one thread had been inside this function
while another thread had been freeing the 'view' object. This change
reorders the calls to avoid freeing objects while they can be used.
It had been reported downstream at:
https://bugzilla.redhat.com/show_bug.cgi?id=1498853
src/addressbook/libedata-book/e-data-book-view.c | 18 ++++++++++--------
src/calendar/libedata-cal/e-data-cal-view.c | 18 ++++++++++--------
2 files changed, 20 insertions(+), 16 deletions(-)
---
diff --git a/src/addressbook/libedata-book/e-data-book-view.c
b/src/addressbook/libedata-book/e-data-book-view.c
index 14731d1..36157ad 100644
--- a/src/addressbook/libedata-book/e-data-book-view.c
+++ b/src/addressbook/libedata-book/e-data-book-view.c
@@ -197,9 +197,11 @@ pending_flush_timeout_cb (gpointer data)
view->priv->flush_id = 0;
- send_pending_adds (view);
- send_pending_changes (view);
- send_pending_removes (view);
+ if (!g_source_is_destroyed (g_main_current_source ())) {
+ send_pending_adds (view);
+ send_pending_changes (view);
+ send_pending_removes (view);
+ }
g_mutex_unlock (&view->priv->pending_mutex);
@@ -473,11 +475,6 @@ data_book_view_dispose (GObject *object)
priv = E_DATA_BOOK_VIEW_GET_PRIVATE (object);
- g_clear_object (&priv->connection);
- g_clear_object (&priv->gdbus_object);
- g_clear_object (&priv->backend);
- g_clear_object (&priv->sexp);
-
g_mutex_lock (&priv->pending_mutex);
if (priv->flush_id > 0) {
@@ -487,6 +484,11 @@ data_book_view_dispose (GObject *object)
g_mutex_unlock (&priv->pending_mutex);
+ g_clear_object (&priv->connection);
+ g_clear_object (&priv->gdbus_object);
+ g_clear_object (&priv->backend);
+ g_clear_object (&priv->sexp);
+
/* Chain up to parent's dispose() method. */
G_OBJECT_CLASS (e_data_book_view_parent_class)->dispose (object);
}
diff --git a/src/calendar/libedata-cal/e-data-cal-view.c b/src/calendar/libedata-cal/e-data-cal-view.c
index e590b92..6180baa 100644
--- a/src/calendar/libedata-cal/e-data-cal-view.c
+++ b/src/calendar/libedata-cal/e-data-cal-view.c
@@ -428,11 +428,6 @@ data_cal_view_dispose (GObject *object)
priv = E_DATA_CAL_VIEW_GET_PRIVATE (object);
- g_clear_object (&priv->connection);
- g_clear_object (&priv->gdbus_object);
- g_clear_object (&priv->backend);
- g_clear_object (&priv->sexp);
-
g_mutex_lock (&priv->pending_mutex);
if (priv->flush_id > 0) {
@@ -442,6 +437,11 @@ data_cal_view_dispose (GObject *object)
g_mutex_unlock (&priv->pending_mutex);
+ g_clear_object (&priv->connection);
+ g_clear_object (&priv->gdbus_object);
+ g_clear_object (&priv->backend);
+ g_clear_object (&priv->sexp);
+
/* Chain up to parent's dispose() method. */
G_OBJECT_CLASS (e_data_cal_view_parent_class)->dispose (object);
}
@@ -689,9 +689,11 @@ pending_flush_timeout_cb (gpointer data)
view->priv->flush_id = 0;
- send_pending_adds (view);
- send_pending_changes (view);
- send_pending_removes (view);
+ if (!g_source_is_destroyed (g_main_current_source ())) {
+ send_pending_adds (view);
+ send_pending_changes (view);
+ send_pending_removes (view);
+ }
g_mutex_unlock (&view->priv->pending_mutex);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
