Bug 694778 – IOSource and friends do wrong ref counting

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 694778 - IOSource and friends do wrong ref counting


Summary:	IOSource and friends do wrong ref counting


Status:	RESOLVED DUPLICATE of bug 561885

Product:	glibmm
Classification:	Bindings
Component:	io
Version:	2.35.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkmm-forge
QA Contact:	gtkmm-forge

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-02-27 01:41 UTC by Phillip Susi
Modified:	2013-03-04 18:14 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Phillip Susi 2013-02-27 01:41:50 UTC

IOSource and its friends are getting ref counting wrong.  The various create methods ( IoSource::create, TimeoutSource::create, etc ) return a RefPtr.  This RefPtr calls Source::unreference when it is destroyed to release the reference on the source object.  This in turn calls g_source_unref(gobject_).  This pointer is set to NULL by Source::destroy_notify_callback.

In other words, if the source is destroyed while the RefPtr still exists, for example, because the timeout returned false, then this NULLs the gobject_ pointer, loosing the g_source_object while it still has a reference count on it, and later when the RefPtr tries to release it, g_source_unref() complains because it is being called on a NULL pointer, and you now have a leaked object.

Comment 1 Kjell Ahlstedt 2013-03-04 18:14:46 UTC

This problem has been reported long ago in bug 561885, but it's really
difficult to find a good solution without changing glib.

*** This bug has been marked as a duplicate of bug 561885 ***