GSocketListener memory corruption
Submitted by Ole André Vadla Ravnås
Link to original bug (#748382)
Description
Created attachment 302261 gsocketlistener: Fix memory corruption
The implementation of g_socket_listener_accept_socket_async() assumes that the task will get destroyed before returning from accept_ready(), and hence it can just tie the life-time of the sources to the life- time of the task, and drop the task reference before returning from accept_ready(). However, if an idle source has to be scheduled in order to deliver the task's result, this means that the task, and consequently also its sources, will stay alive a bit longer. By doing so, additional callbacks to accept_ready() may happen in the meantime, i.e. more than one socket might be ready for dispatching, and it will start dropping references it doesn't own.
Patch 302261, "gsocketlistener: Fix memory corruption":
0001-gsocketlistener-Fix-memory-corruption.patch
Version: 2.44.x