Calling g_object_unref(session) after soup_session_cancel_message()/soup_session_abort() can cause a crash while processing soup_session_send_message() in a sync session.
Submitted by Sungwon Chung
Assigned to libsoup-maint@gnome.bugs
Link to original bug (#651032)
Description
If g_object_unref(session) is called right after soup_session_cancel_message() or soup_session_abort() in a thread, the thread in which soup_session_send_message() is running could crash by accessing the session object, which has already been freed by g_object_unref(). soup_session_send_message() in a sync session doesn't increase the session reference count before passing it to queue_message(). Because of that, the library will lose its reference to the session if the session is unreffed in another thread. To prevent this problem, the session reference count should be increased before calling queue_message().
Version: 2.34.x
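
The interleaving described in this report, replayed deterministically in one thread (an added example, not libsoup code and not part of the original report). `Session`, `send_message`, `owner_cancels_and_unrefs` and `scenario` are hypothetical names; the model sets a flag instead of freeing memory so that the use after finalize can be observed safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy stand-in for a GObject-style refcounted session (not libsoup code). */
typedef struct {
    int  ref_count;
    bool finalized;      /* set when the last reference is dropped */
} Session;

static void session_ref(Session *s)   { s->ref_count++; }
static void session_unref(Session *s) {
    if (--s->ref_count == 0)
        s->finalized = true;   /* real code would free the memory here */
}

/* Simulates the other thread: cancel/abort, then drop the owner's reference. */
static void owner_cancels_and_unrefs(Session *s) { session_unref(s); }

/*
 * Model of a blocking send. `hold_ref` selects the proposed fix.
 * Returns true if the send touched the session after it was finalized,
 * which is the point where the real code would be a use-after-free.
 */
static bool send_message(Session *s, bool hold_ref) {
    if (hold_ref)
        session_ref(s);              /* fix: pin the session for the call */

    owner_cancels_and_unrefs(s);     /* interleaving: runs while we "block" */

    bool used_after_finalize = s->finalized;  /* send resumes, uses session */

    if (hold_ref)
        session_unref(s);            /* release the pin; may finalize now */
    return used_after_finalize;
}

/* Runs one scenario on a fresh session holding the owner's single reference. */
static bool scenario(bool hold_ref, Session *out) {
    Session s = { .ref_count = 1, .finalized = false };
    bool uaf = send_message(&s, hold_ref);
    if (out) *out = s;
    return uaf;
}

int main(void) {
    return (scenario(false, NULL) && !scenario(true, NULL)) ? 0 : 1;
}
```

With the extra reference held, the owner's unref only drops the count to 1, and the session is finalized by the send path's own unref once it has finished using it.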