diff options
| author | Aleksander Morgado <aleksander@aleksander.es> | 2017-01-15 23:35:52 +0100 |
|---|---|---|
| committer | Aleksander Morgado <aleksander@aleksander.es> | 2017-01-15 23:40:00 +0100 |
| commit | e57f062e666b9a0686e38e3722664b4b2ac9658c (patch) | |
| tree | b9153f9010e7cb44808d7aebede50773d0e99aad | |
| parent | 3fb90a80ccbaa0ae006c6b70e09054ac4e8b64ba (diff) | |
libqmi-glib,device: fix segfault when cancellable already cancelled
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00007ffff79c9105 in transaction_cancelled (cancellable=0x7fffe4009420, ctx=0x669a30) at qmi-device.c:268
268 tr->cancellable_id = 0;
The g_cancellable_connect() method will also call the given callback
when the input cancellable is already cancelled. This means that the
cancellation callback should also handle the case where the transaction
hasn't been stored in the tracking table yet.
Thanks to BenoƮt Donnette <benoit.donnette@21net.com> for the report and
the suggested fix.
https://bugs.freedesktop.org/show_bug.cgi?id=98283
| -rw-r--r-- | src/libqmi-glib/qmi-device.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libqmi-glib/qmi-device.c b/src/libqmi-glib/qmi-device.c index 73453b60..d93044d1 100644 --- a/src/libqmi-glib/qmi-device.c +++ b/src/libqmi-glib/qmi-device.c @@ -265,6 +265,12 @@ transaction_cancelled (GCancellable *cancellable, GError *error = NULL; tr = device_release_transaction (ctx->self, ctx->key); + + /* The transaction may have already been cancelled before we stored it in + * the tracking table */ + if (!tr) + return; + tr->cancellable_id = 0; /* Complete transaction with an abort error */ @@ -301,6 +307,8 @@ device_store_transaction (QmiDevice *self, } if (tr->cancellable) { + /* Note: transaction_cancelled() will also be called directly if the + * cancellable is already cancelled */ tr->cancellable_id = g_cancellable_connect (tr->cancellable, (GCallback)transaction_cancelled, tr->wait_ctx, |