Hi Martin,

<snip>

My theory is this:
  * The main loop has (at least) two pending sources:
      1) a gatchat callback to e.g. a plugin CFUN=0 command
      2) rx data ready on the cmux uart channel
  * The main loop calls the plugin callback first, where g_at_mux_unref()
    is called
  * The main loop then calls the mux->read_watch callback, where the
    (freed) cmux object is dereferenced.

Hmm, I think it is a little simpler than that...?

You have data on CMUX that we process inside dispatch_sources. This in fact calls into GAtIO and thus GAtChat. GAtChat callback results in g_at_mux_unref which destroys the object. But dispatch_sources is still running.

An easy fix would be to defer calling g_at_mux_unref until the next event loop iteration (e.g. via l_idle_oneshot).

Alternatively, taking a reference to g_at_mux at the beginning of received_data and dropping it at the end might also do the trick.

Regards,
-Denis
_______________________________________________
ofono mailing list
ofono@ofono.org
https://lists.ofono.org/mailman/listinfo/ofono
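
The second suggestion above (hold a reference for the duration of received_data), as an added sketch that is not oFono code and not part of the original message. `struct mux`, `mux_ref`, `mux_unref`, `shutdown_cb` and the frame counter are hypothetical stand-ins for the GAtMux object and the callback that drops the last reference.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a refcounted mux object; not oFono's GAtMux. */
struct mux {
    int ref;
    int frames_left;                 /* frames still queued in the rx buffer */
    void (*on_frame)(struct mux *);  /* upper-layer callback run per frame */
};

static int destroyed;                /* counts frees so the demo can check for exactly one */

static struct mux *mux_ref(struct mux *m) { m->ref++; return m; }

static void mux_unref(struct mux *m)
{
    if (--m->ref > 0)
        return;
    destroyed++;
    free(m);
}

/* Plays the role of the callback in the thread: it drops the owner's reference. */
static void shutdown_cb(struct mux *m) { m->on_frame = NULL; mux_unref(m); }

/* Read handler: pins the object while dispatching. Returns frames processed. */
static int received_data(struct mux *m)
{
    int handled = 0;

    mux_ref(m);                      /* guard reference held across callbacks */
    while (m->frames_left > 0) {     /* without the guard this read hits freed memory */
        m->frames_left--;
        handled++;
        if (m->on_frame)
            m->on_frame(m);
    }
    mux_unref(m);                    /* may free m; m must not be touched after this */
    return handled;
}

static int run_demo(void)
{
    struct mux *m = calloc(1, sizeof(*m));
    if (!m) return -1;
    m->ref = 1; m->frames_left = 3; m->on_frame = shutdown_cb;
    destroyed = 0;
    return received_data(m) * 10 + destroyed;  /* frames handled * 10 + frees */
}

int main(void) { printf("%d\n", run_demo()); return 0; }
```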
