Bug 760330 – idle-monitor-xsync: fix crash if watch callback removes different watch

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 760330 - idle-monitor-xsync: fix crash if watch callback removes different watch


Summary:	idle-monitor-xsync: fix crash if watch callback removes different watch


Status:	RESOLVED FIXED

Product:	mutter
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other All

Importance:	Normal normal
Target Milestone:	---
Assigned To:	mutter-maint
QA Contact:	mutter-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-01-08 18:24 UTC by Ray Strode [halfline]
Modified:	2016-01-11 16:25 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
idle-monitor-xsync: fix crash if watch callback removes different watch (5.93 KB, patch) 2016-01-08 18:24 UTC, Ray Strode [halfline]	none	Details \| Review
idle-monitor-xsync: fix crash if watch callback removes different watch (5.95 KB, patch) 2016-01-08 18:26 UTC, Ray Strode [halfline]	committed	Details \| Review

Description Ray Strode [halfline] 2016-01-08 18:24:47 UTC

Right now the XSync based idle monitoring code, will fetch all active
watches into a list, and then call their watch callbacks one by one
as necessary.  If one watch callback invalidates another watch, the
list will contain free'd memory.

This commit makes sure to consult the hash table after ever call
of a watch callback, to ensure mutter never looks at freed memory.

Fixes crash reported on IRC by Laine Stump with his synergy setup.

Comment 1 Ray Strode [halfline] 2016-01-08 18:24:51 UTC

Created attachment 318534 [details] [review]
idle-monitor-xsync: fix crash if watch callback removes different watch

Comment 2 Ray Strode [halfline] 2016-01-08 18:25:49 UTC

oh hang on, i manually frobbed the patch file when doing a test rpm build and didn't update git.

Comment 3 Ray Strode [halfline] 2016-01-08 18:26:56 UTC

Created attachment 318536 [details] [review]
idle-monitor-xsync: fix crash if watch callback removes different watch

Right now the XSync based idle monitoring code, will fetch all active
watches into a list, and then call their watch callbacks one by one
as necessary.  If one watch callback invalidates another watch, the
list will contain free'd memory.

This commit makes sure to consult the hash table after ever call
of a watch callback, to ensure mutter never looks at freed memory.

Fixes crash reported on IRC by Laine Stump with his synergy setup.

Comment 4 Rui Matos 2016-01-11 16:16:21 UTC

Review of attachment 318536 [details] [review]:

Looks good. See also bug 760476

Comment 5 Ray Strode [halfline] 2016-01-11 16:25:16 UTC

Attachment 318536 [details] pushed as 42b3a34 - idle-monitor-xsync: fix crash if watch callback removes different watch