Branch: refs/heads/master
Home: https://github.com/ibus/ibus
Commit: 0d153293b7a7a69796a61cd87832bbb583351778
https://github.com/ibus/ibus/commit/0d153293b7a7a69796a61cd87832bbb583351778
Author: Christophe Fergeau <[email protected]>
Date: 2014-06-06 (Fri, 06 Jun 2014)
Changed paths:
M conf/dconf/config.c
Log Message:
-----------
dconf: Fix GVariant refcounting in watch_func()
IBusConfigDConf::watch_func() is roughly doing:
GVariant *variant = dconf_client_read(...)
if (variant == NULL) {
variant = g_variant_new(...);
}
ibus_config_service_value_changed(..., variant);
g_variant_unref(variant);
The problem with that is that the GVariant returned by
dconf_client_read() is non-floating while the one returned by
g_variant_new() is floating.
Since ibus_config_service_value_changed() will take ownership of
floating references, we should not unref 'variant' if it was created
through g_variant_new(), but we must call it when 'variant' is created
through dconf_client_read() or we will leak memory.
This commit fixes that by making sure we sink the reference we got
through g_variant_new().
This was sometimes causing crashes of ibus-dconf when repeatedly running
tests/ibus-config:
(ibus-dconf:24679): GLib-CRITICAL **: g_variant_unref: assertion
'value->ref_count > 0' failed
==24679== Invalid read of size 4
==24679== at 0x572E140: g_variant_unref (gvariant-core.c:625)
==24679== by 0x572DBB3: g_variant_release_children (gvariant-core.c:257)
==24679== by 0x572E202: g_variant_unref (gvariant-core.c:640)
==24679== by 0x572DBB3: g_variant_release_children (gvariant-core.c:257)
==24679== by 0x572E202: g_variant_unref (gvariant-core.c:640)
==24679== by 0x518CFDE: g_dbus_message_finalize (gdbusmessage.c:534)
==24679== by 0x5459628: g_object_unref (gobject.c:3112)
==24679== by 0x519C911: message_to_write_data_free (gdbusprivate.c:898)
==24679== by 0x519D687: write_message_cb (gdbusprivate.c:1353)
==24679== by 0x510F7F2: g_simple_async_result_complete
(gsimpleasyncresult.c:763)
==24679== by 0x519CEF2: write_message_continue_writing (gdbusprivate.c:1077)
==24679== by 0x519D040: write_message_async (gdbusprivate.c:1131)
==24679== Address 0x5d8c9c4 is 36 bytes inside a block of size 40 free'd
==24679== at 0x4A07577: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24679== by 0x56EDF6B: g_free (gmem.c:190)
==24679== by 0x5706B53: g_slice_free1 (gslice.c:1112)
==24679== by 0x572E229: g_variant_unref (gvariant-core.c:643)
==24679== by 0x40240F: _watch_func (config.c:232)
==24679== by 0x3DEA605D8B: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.1)
==24679== by 0x3DEA6056BB: ffi_call (in /usr/lib64/libffi.so.6.0.1)
==24679== by 0x544EE88: g_cclosure_marshal_generic_va (gclosure.c:1541)
==24679== by 0x544D396: _g_closure_invoke_va (gclosure.c:831)
==24679== by 0x5468808: g_signal_emit_valist (gsignal.c:3215)
==24679== by 0x54699DF: g_signal_emit (gsignal.c:3363)
==24679== by 0x4C1478D: dconf_client_dispatch_change_signal
(dconf-client.c:150)
BUG=http://code.google.com/p/ibus/issues/detail?id=1712
Review URL: https://codereview.appspot.com/107800044
Patch from Christophe Fergeau <[email protected]>.
--
--
You received this message because you are subscribed to the Google
Groups "ibus-devel" group.
iBus project web page: http://code.google.com/p/ibus/
iBus dev group: http://groups.google.com/group/ibus-devel?hl=en
---
You received this message because you are subscribed to the Google Groups
"ibus-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
