• Fix use-after-free when calling g_dbus_connection_flush_sync() · 822f8bae
    Milan Crha authored
    When the _g_dbus_worker_flush_sync() schedules the 'data' and releases
    the worker->write_lock, it is possible for the GDBus worker thread
    to finish the D-Bus call and acquire the worker->write_lock before
    the _g_dbus_worker_flush_sync() re-acquires it in the if (data != NULL) body.
    When that happens, the ostream_flush_cb() increases the worker->write_num_messages_flushed
    and then releases the worker->write_lock. The write lock is reacquired by
    the _g_dbus_worker_flush_sync(), which sees that the while condition is satisfied,
    thus it doesn't enter the loop body and immediately clears the data members and
    frees the data structure itself. The ostream_flush_cb() is still ongoing, possibly
    inside flush_data_list_complete(), where it accesses the FlushData, which can be
    in any stage of being freed.
    
    Instead, add an explicit boolean flag indicating when the flush is truly finished.
    
    Closes #1896
Name
.gitlab-ci
docs
fuzzing
gio
glib
gmodule
gobject
gthread
m4macros
po
subprojects
tests
.dir-locals.el
.gitattributes
.gitignore
.gitlab-ci.yml
AUTHORS
CONTRIBUTING.md
COPYING
HACKING
INSTALL.in
NEWS
NEWS.pre-1-3
README
README.md
README.rationale
README.win32
README.win32.md
check-abis.sh
glib-gettextize.in
glib.doap
glib.supp
meson.build
meson_options.txt
msvc_recommended_pragmas.h
sanity_check
template-tap.test.in
template.test.in