GNOME Bugzilla – Bug 615078
gi/function.c misuses g_callable_info_prepare_closure(), causing crashes
Last modified: 2010-04-07 23:47:43 UTC
gi/function.c uses g_callable_info_prepare_closure() to allocate closures, but then frees them using munmap(), contrary to the g_callable_info_prepare_closure() docs which say you have to use g_callable_info_free_closure(). (Admittedly, it used to say that you had to use _prepare_closure to free the closure as well, but it was obvious what it *meant*.) After the change to use ffi_closure_alloc() in _prepare_closure(), this now makes gjs crash after invoking a callback (except, for some reason, on x86_64). Fixing this is a bit of a mess because invoke_info->closure is *sometimes* created by g_callable_info_prepare_closure, but sometimes created by hand, and so we'd need to free it differently in the two cases. (And the created-by-hand case for destroynotifies needs to be fixed to use ffi_closure_alloc() as well.)
Created attachment 158141: simple fix
Created attachment 158152: Fix ffi_closure usage
Updated with a real commit message, and fixed to use ffi_prep_closure_loc() as well.
Review of attachment 158152: Looks good.
Attachment 158152 pushed as 87077da - Fix ffi_closure usage