[sysprof: 1/2] enable_paranoid_cb: Do not use g_steal_pointer in callee argument list

From: Christian Hergert <chergert src gnome org>
To: commits-list gnome org
Cc:
Subject: [sysprof: 1/2] enable_paranoid_cb: Do not use g_steal_pointer in callee argument list
Date: Mon, 1 Nov 2021 15:26:39 +0000 (UTC)

commit b3b2e61c198dcaaa94a715670ca4ecf7cba54c44
Author: Michel Dänzer <mdaenzer redhat com>
Date:   Mon Nov 1 10:29:15 2021 +0100

    enable_paranoid_cb: Do not use g_steal_pointer in callee argument list
    
    The order in which the argument list is evaluated is unspecified, so it
    was possible for g_steal_pointer to set self = NULL before
    self->old_governor was evaluated, resulting in a crash:
    
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  0x00007f6efc678d84 in enable_paranoid_cb (object=0x561a4d147c80, result=0x561a4d173560, 
user_data=0x561a4d09d610) at ../src/libsysprof/sysprof-governor-source.c:290
    290                                             self->old_governor,
    [Current thread is 1 (Thread 0x7f6efae4b600 (LWP 122786))]
    (gdb) bt
    #0  0x00007f6efc678d84 in enable_paranoid_cb (object=0x561a4d147c80 [SysprofHelpers], 
result=0x561a4d173560, user_data=0x561a4d09d610) at ../src/libsysprof/sysprof-governor-source.c:290
    #1  0x00007f6efd51b389 in g_task_return_now (task=0x561a4d173560 [GTask]) at ../../../gio/gtask.c:1219
    #2  0x00007f6efd51becb in g_task_return (type=<optimized out>, task=0x561a4d173560 [GTask]) at 
../../../gio/gtask.c:1289
    #3  g_task_return (task=0x561a4d173560 [GTask], type=<optimized out>) at ../../../gio/gtask.c:1245
    #4  0x00007f6efc6a6060 in sysprof_helpers_set_paranoid_cb (object=0x561a4cf9df90 [IpcServiceProxy], 
result=0x561a4d1736e0, user_data=0x561a4d173560) at ../src/libsysprof/sysprof-helpers.c:788
    #5  0x00007f6efd51b389 in g_task_return_now (task=0x561a4d1736e0 [GTask]) at ../../../gio/gtask.c:1219
    #6  0x00007f6efd51becb in g_task_return (type=<optimized out>, task=0x561a4d1736e0 [GTask]) at 
../../../gio/gtask.c:1289
    #7  g_task_return (task=0x561a4d1736e0 [GTask], type=<optimized out>) at ../../../gio/gtask.c:1245
    #8  0x00007f6efd5830cb in reply_cb (connection=<optimized out>, res=<optimized out>, 
user_data=user_data@entry=0x561a4d1736e0) at ../../../gio/gdbusproxy.c:2568
    #9  0x00007f6efd51b389 in g_task_return_now (task=0x561a4d22b000 [GTask]) at ../../../gio/gtask.c:1219
    #10 0x00007f6efd51becb in g_task_return (type=<optimized out>, task=0x561a4d22b000 [GTask]) at 
../../../gio/gtask.c:1289
    #11 g_task_return (task=0x561a4d22b000 [GTask], type=<optimized out>) at ../../../gio/gtask.c:1245
    #12 0x00007f6efd577cbf in g_dbus_connection_call_done (source=<optimized out>, result=0x561a4d22b0c0, 
user_data=user_data@entry=0x561a4d22b000) at ../../../gio/gdbusconnection.c:5797
    #13 0x00007f6efd51b389 in g_task_return_now (task=0x561a4d22b0c0 [GTask]) at ../../../gio/gtask.c:1219
    #14 0x00007f6efd51b3c9 in complete_in_idle_cb (task=0x561a4d22b0c0) at ../../../gio/gtask.c:1233
    #15 0x00007f6efd32db84 in g_main_dispatch (context=0x561a4cb60af0) at ../../../glib/gmain.c:3381
    #16 g_main_context_dispatch (context=0x561a4cb60af0) at ../../../glib/gmain.c:4099
    #17 0x00007f6efd32df28 in g_main_context_iterate (context=context@entry=0x561a4cb60af0, 
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4175
    #18 0x00007f6efd32dfdf in g_main_context_iteration (context=context@entry=0x561a4cb60af0, 
may_block=may_block@entry=1) at ../../../glib/gmain.c:4240
    #19 0x00007f6efd54a06d in g_application_run (application=0x561a4cb56120 [SysprofApplication], 
argc=<optimized out>, argv=<optimized out>) at ../../../gio/gapplication.c:2569
    #20 0x0000561a4b2edd14 in main (argc=1, argv=0x7ffddcebb708) at ../src/sysprof/sysprof.c:44
    (gdb) info locals
    helpers = 0x561a4d147c80 [SysprofHelpers]
    self = 0x0
    error = 0x0
    old_governor = -1
    __func__ = "enable_paranoid_cb"

 src/libsysprof/sysprof-governor-source.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
---
diff --git a/src/libsysprof/sysprof-governor-source.c b/src/libsysprof/sysprof-governor-source.c
index 90192ad9..5277e01d 100644
--- a/src/libsysprof/sysprof-governor-source.c
+++ b/src/libsysprof/sysprof-governor-source.c
@@ -286,11 +286,18 @@ enable_paranoid_cb (GObject      *object,
   if (!self->disable_governor)
     sysprof_source_emit_finished (SYSPROF_SOURCE (self));
   else
-    sysprof_helpers_set_governor_async (helpers,
-                                        self->old_governor,
-                                        NULL,
-                                        enable_governor_cb,
-                                        g_steal_pointer (&self));
+    {
+      sysprof_helpers_set_governor_async (helpers,
+                                         self->old_governor,
+                                         NULL,
+                                         enable_governor_cb,
+                                         self);
+
+      /* Can't use g_steal_pointer above, as that might set self = NULL before
+       * self->old_governor is evaluated → crash
+       */
+      self = NULL;
+    }
 }
 
 static void
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]