Good Morning Samuel,

On Fri, Oct 08, 2010 at 11:39:09PM +0200, Samuel Ortiz wrote:
> Hi Daniel,
>
> On Fri, Oct 08, 2010 at 05:31:49PM +0200, Daniel Wagner wrote:
> > From: Daniel Wagner <[email protected]>
> >
> > __connman_counter_register registers with g_dbus_add_disconnect_watch
> > only the disconnect function callback and not the connect
> > function.
> >
> > When the owner disconnects service_filter is called
> > eventually. In service_filter filter_data_remove_callback is called
> > twice (see backtrace below). This leads to a double free.
> I think the issue you're hitting is because when the owner disconnects,
> service_filter gets called and does 2 things:
>
> 1) It calls the call disconnect function:
>
>     if (cb->disc_func)
>         cb->disc_func(connection, cb->user_data);
>
> which in our case is owner_disconnect(). The latter removes the counter from
> the hash table, which then calls remove_counter() which eventually removes the
> watch by calling g_dbus_remove_watch(). Eventually
> filter_data_remove_callback() is called from there.
>
> 2) It calls filter_data_remove_callback() itself at line 484, with the same
> data pointer that was used in 1). That causes the double free you're seeing.
>
> I can reproduce this bug by simply running test-counter and Ctrl-c'ing it.
>
> My fix for that issue is to not remove the watch from the remove counter
> routine. When owner_disconnect is called, the watch will be removed so no need
> to remove it twice.
> The watch should only be removed when the counter is unregistered.

Thanks Samuel for the explanation. Now I understand a bit more how it is
supposed to work. My patch was only fixing the symptom, not the cause.

> We had the same issue in session.c by the way, I just pushed a fix for both of
> them. Could you please give it a try?

I am unable to reproduce it anymore.

@Raghu, you are the original bug reporter. Can you also test?

thanks,
daniel
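The two removal paths described in this thread, as an added example that is not ConnMan or gdbus code and not part of the original messages. The struct layout, the `removals()` helper and the `cleanup_removes_watch` flag are assumptions made for the model, the callback signature is simplified to a single `user_data` argument, and releases are counted instead of freed so the program runs safely.

```c
/* Constructed model of the two removal paths; not ConnMan or gdbus source. */
#include <stdio.h>
struct watch {
    void (*disc_func)(void *user_data);
    void *user_data;
    int removals;               /* times the callback record was released */
};
struct counter {
    struct watch *watch;
    int cleanup_removes_watch;  /* 1 = behaviour before the fix */
};

/* Stands in for filter_data_remove_callback(), which frees the record. */
static void watch_remove(struct watch *w) { w->removals++; }

/* Stands in for remove_counter(), run when the counter leaves the table. */
static void counter_cleanup(struct counter *c) {
    if (c->cleanup_removes_watch)
        watch_remove(c->watch);
}

/* Stands in for owner_disconnect(): drops the counter from the table. */
static void owner_disconnect(void *user_data) { counter_cleanup(user_data); }

/* Stands in for service_filter(): callback first, then its own removal. */
static void dispatch_disconnect(struct watch *w) {
    if (w->disc_func)
        w->disc_func(w->user_data);
    watch_remove(w);
}

/* Releases of one record; via_disconnect=0 models an explicit unregister. */
int removals(int buggy, int via_disconnect) {
    struct counter c = { NULL, buggy };
    struct watch w = { owner_disconnect, &c, 0 };
    c.watch = &w;
    if (via_disconnect)
        dispatch_disconnect(&w);
    else if (!buggy)
        watch_remove(&w);       /* after the fix: removed here only */
    if (!via_disconnect)
        counter_cleanup(&c);
    return w.removals;
}

int main(void) {
    printf("disconnect %d->%d, unregister %d->%d\n", removals(1, 1), removals(0, 1), removals(1, 0), removals(0, 0));
    return 0;
}
```

A count of 2 on the disconnect path corresponds to the double free; every path should release the record exactly once.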
