Re: Bug#8482: Uninitialized memory read in gio.

Hi Owen,

> Hmmm, I don't think that would happen. To quote from gmain.c:
> 
>   /* Check to see what sources need to be dispatched */
> 
>   n_ready = 0;
> 
>   hook = g_hook_first_valid (&source_list, TRUE);
>   while (hook)
>     {
>       GSource *source = (GSource *)hook;
> 
>       if ((n_ready > 0) && (source->priority > current_priority))
>         {
>           g_hook_unref (&source_list, hook);
>           break;
>         }
> 
> So, we won't check any sources with priority > current_priority.
> (Note that priorities are like UNIX niceness values - numerically
> smaller values have greater priority.)

But that assumes that whenever prepare of a source returns TRUE, check also
will return TRUE. I'm not sure whether that is always the case. Otherwise
n_ready will stay zero and the loop won't be left before the priority is
decreased (I'm aware that higher values mean lower priority).

>  1) The app is threaded, and a source is being added during
>     the poll. (I think to handle this properly we
>     need another source flag like G_SOURCE_PREPARED, since
>     there is supposed to be an invariant that
>     a source will be prepared before any call to ->check().

Ok, the threaded case might be the culprit too.
 
>  2) Someone is calling g_io_unix_add_watch() with
>     condition == NULL. This will produce the problem, since
>     in g_main_poll() we have:

Very unlikely, but that was my first theory too.
 
Bye,
Sebastian
-- 
Sebastian Wilhelmi                   |            här ovanför alla molnen
mailto:wilhelmi@ira.uka.de           |     är himmlen så förunderligt blå
http://goethe.ira.uka.de/~wilhelmi   |
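To make the two readings of the quoted loop concrete, here is a constructed model of the check loop as an added example; it is neither GLib's gmain.c nor code from either poster. `ModelSource`, `model_check_loop`, `model_current_priority` and the sample priorities 0 and 10 are assumptions of the model.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Model of one source as seen by the check loop (constructed, not GLib). */
typedef struct {
    int  priority;       /* smaller number = higher priority, like niceness */
    bool prepare_ready;  /* what ->prepare() returned this iteration */
    bool check_ready;    /* what ->check() will return */
    bool checked;        /* set when the loop actually reaches ->check() */
} ModelSource;

/* Assumption: current_priority is the best (smallest) priority among the
 * sources whose ->prepare() returned TRUE. */
int model_current_priority(const ModelSource *src, size_t n)
{
    int best = INT_MAX;
    for (size_t i = 0; i < n; i++)
        if (src[i].prepare_ready && src[i].priority < best)
            best = src[i].priority;
    return best;
}

/* Mirror of the quoted loop: sources are visited in priority order and the
 * walk stops only once n_ready > 0 AND the next source is of lower priority
 * (larger number) than current_priority. Returns n_ready. */
int model_check_loop(ModelSource *src, size_t n, int current_priority)
{
    int n_ready = 0;
    for (size_t i = 0; i < n; i++) {
        if (n_ready > 0 && src[i].priority > current_priority)
            break;               /* the early exit Owen points at */
        src[i].checked = true;   /* ->check() is called on this source */
        if (src[i].check_ready)
            n_ready++;
    }
    return n_ready;
}

/* Two sources: one at priority 0 whose prepare() said TRUE, one at priority
 * 10. Reports whether the priority-10 source's check() was reached. */
bool lower_priority_source_checked(bool high_source_check_ready)
{
    ModelSource src[2] = {
        { 0,  true, high_source_check_ready, false },
        { 10, true, true,                    false },
    };
    model_check_loop(src, 2, model_current_priority(src, 2));
    return src[1].checked;
}
```

When the high-priority source's check() agrees with its prepare(), the priority-10 source is never checked; when check() returns FALSE after prepare() returned TRUE, n_ready stays zero and the walk continues down to it, which is the case Sebastian raises.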