Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(45)
Issues Repositories Search
Open Issues | Closed Issues | All Issues | Sign in with your Google Account to create issues and add comments

Issue 107800044: dconf: Fix GVariant refcounting in watch_func() (Closed)

Can't Edit
Can't Publish+Mail
Start Review
Created:
11 years, 8 months ago by fujiwara
Modified:
11 years, 8 months ago
Reviewers:
shawn.p.huang, Peng
CC:
shawn.p.huang_gmail.com, fujiwara, cfergeau_redhat.com
Base URL:
git://github.com/ibus/ibus.git@master
Visibility:
Public.

Description

dconf: Fix GVariant refcounting in watch_func() IBusConfigDConf::watch_func() is roughly doing: GVariant *variant = dconf_client_read(...) if (variant == NULL) { variant = g_variant_new(...); } ibus_config_service_value_changed(..., variant); g_variant_unref(variant); The problem with that is that the GVariant returned by dconf_client_read() is non-floating while the one returned by g_variant_new() is floating. Since ibus_config_service_value_changed() will take ownership of floating references, we should not unref 'variant' if it was created through g_variant_new(), but we must call it when 'variant' is created through dconf_client_read() or we will leak memory. This commit fixes that by making sure we sink the reference we got through g_variant_new(). This was sometimes causing crashes of ibus-dconf when repeatedly running tests/ibus-config: (ibus-dconf:24679): GLib-CRITICAL **: g_variant_unref: assertion 'value->ref_count > 0' failed ==24679== Invalid read of size 4 ==24679== at 0x572E140: g_variant_unref (gvariant-core.c:625) ==24679== by 0x572DBB3: g_variant_release_children (gvariant-core.c:257) ==24679== by 0x572E202: g_variant_unref (gvariant-core.c:640) ==24679== by 0x572DBB3: g_variant_release_children (gvariant-core.c:257) ==24679== by 0x572E202: g_variant_unref (gvariant-core.c:640) ==24679== by 0x518CFDE: g_dbus_message_finalize (gdbusmessage.c:534) ==24679== by 0x5459628: g_object_unref (gobject.c:3112) ==24679== by 0x519C911: message_to_write_data_free (gdbusprivate.c:898) ==24679== by 0x519D687: write_message_cb (gdbusprivate.c:1353) ==24679== by 0x510F7F2: g_simple_async_result_complete (gsimpleasyncresult.c:763) ==24679== by 0x519CEF2: write_message_continue_writing (gdbusprivate.c:1077) ==24679== by 0x519D040: write_message_async (gdbusprivate.c:1131) ==24679== Address 0x5d8c9c4 is 36 bytes inside a block of size 40 free'd ==24679== at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24679== by 0x56EDF6B: g_free (gmem.c:190) ==24679== by 0x5706B53: g_slice_free1 (gslice.c:1112) ==24679== by 0x572E229: g_variant_unref (gvariant-core.c:643) ==24679== by 0x40240F: _watch_func (config.c:232) ==24679== by 0x3DEA605D8B: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.1) ==24679== by 0x3DEA6056BB: ffi_call (in /usr/lib64/libffi.so.6.0.1) ==24679== by 0x544EE88: g_cclosure_marshal_generic_va (gclosure.c:1541) ==24679== by 0x544D396: _g_closure_invoke_va (gclosure.c:831) ==24679== by 0x5468808: g_signal_emit_valist (gsignal.c:3215) ==24679== by 0x54699DF: g_signal_emit (gsignal.c:3363) ==24679== by 0x4C1478D: dconf_client_dispatch_change_signal (dconf-client.c:150) BUG=http://code.google.com/p/ibus/issues/detail?id=1712

Patch Set 1 #

Patch Set 2 : Updated with the latest master. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+1 line, -0 lines) Patch
M conf/dconf/config.c View 1 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 2
fujiwara
11 years, 8 months ago (2014-06-04 08:03:27 UTC) #1
Peng
11 years, 8 months ago (2014-06-05 14:17:36 UTC) #2 
On 2014/06/04 08:03:27, fujiwara wrote:

lgtm
Sign in to reply to this message.

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b