From: Peter Meerwald <p.meerw...@bct-electronic.com>

we are seeing segfaults when connect_timeout() is called

(gdb) bt
0  0xb6f20f84 in g_str_hash () from /usr/lib/libglib-2.0.so.0
1  0xb6f20aa8 in g_hash_table_lookup_extended ()
   from /usr/lib/libglib-2.0.so.0
2  0x0003e87c in allow_property_changed (service=0xda220)
    at src/service.c:4428
3  0x0003effc in dns_changed (service=0xda220) at src/service.c:1950
4  0x000454ac in service_indicate_state (service=0xda220)
    at src/service.c:5441
5  __connman_service_ipconfig_indicate_state (service=0xda220,
    new_state=<optimized out>, type=<optimized out>) at src/service.c:5806
6  0x00037c58 in set_disconnected (network=0xd3c40) at src/network.c:677
7  0x00038784 in __connman_network_disconnect (network=0xd3c40)
    at src/network.c:1507
8  0x000460f8 in connect_timeout (user_data=0xda220) at src/service.c:3955
9  0xb6f2c3d4 in ?? () from /usr/lib/libglib-2.0.so.0
10 0xb6f2c3d4 in ?? () from /usr/lib/libglib-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

the refcount goes to zero while still processing connect_timeout()
---
 src/service.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/service.c b/src/service.c
index 921a0e4..28aff36 100644
--- a/src/service.c
+++ b/src/service.c
@@ -3855,6 +3855,7 @@ static void remove_timeout(struct connman_service 
*service)
        if (service->timeout > 0) {
                g_source_remove(service->timeout);
                service->timeout = 0;
+               connman_service_unref(service);
        }
 }
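Review bot: With the added `connman_service_unref(service);`, `remove_timeout()` can now drop the last reference to `service`, so any caller that touches `service` after the call must hold a reference of its own. The callers are outside this hunk and should be audited for that. The ownership rule is also undocumented; a comment on the new line such as `/* release the reference held by the pending connect timeout */` would help. A sentence above the function should state that the timer owns one reference for as long as `service->timeout` is non-zero.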
 
@@ -3977,6 +3978,8 @@ static gboolean connect_timeout(gpointer user_data)
                                CONNMAN_SERVICE_CONNECT_REASON_USER)
                
__connman_service_auto_connect(CONNMAN_SERVICE_CONNECT_REASON_AUTO);
 
+       connman_service_unref(service);
+
        return FALSE;
 }
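Review bot: The `connman_service_unref(service);` added before `return FALSE;` is balanced only if nothing reached from `connect_timeout()` can enter `remove_timeout()` while `service->timeout` is still non-zero. Otherwise the timer's single reference is released twice and the use-after-free moves rather than disappears. The backtrace shows this callback going through `__connman_network_disconnect()` into the service state machinery, so that path is worth tracing. The top of the function is outside the hunk; please confirm that `service->timeout` is cleared before that call and that no earlier `return` skips the unref. A comment like `/* drop the reference taken when the timeout was armed */` on the new line would record the pairing.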
 
@@ -6026,7 +6029,7 @@ int __connman_service_connect(struct connman_service 
*service,
        if (err == -EINPROGRESS) {
                if (service->timeout == 0)
                        service->timeout = g_timeout_add_seconds(
-                               CONNECT_TIMEOUT, connect_timeout, service);
+                               CONNECT_TIMEOUT, connect_timeout, 
connman_service_ref(service));
 
                return -EINPROGRESS;
        }
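Review bot: Taking the reference inside the argument list of `g_timeout_add_seconds()` hides the ownership transfer and pushes the line past 80 columns. Taking it on its own line first, with a comment such as `/* the timeout source owns this reference until it fires or is removed */`, would read more clearly. As a more robust alternative, GLib's `g_timeout_add_seconds_full()` accepts a `GDestroyNotify` that runs both when the source is removed and when the callback returns FALSE. That would release the reference in one place instead of relying on the two manual unrefs in `remove_timeout()` and `connect_timeout()` staying in sync. If `connman_service_unref` is a macro rather than a function, it would need a small static wrapper to serve as the notify callback. `__connman_service_connect()` starts and continues outside this hunk.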
-- 
1.7.10.4
