From ec37e18c64ac480fc7c7699e45005894c27c8416 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Thu, 25 Oct 2018 12:08:47 +0200
Subject: [PATCH] libnm: fix crash in activate_info_complete() when cancelling

We must disconnect ActivateInfo before invoking callbacks. Otherwise, it can happen that the callee cancels the cancellable, which in turn enters activate_info_complete() again, and leads to a crash.

https://bugzilla.redhat.com/show_bug.cgi?id=1642625
---
 libnm/nm-manager.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/libnm/nm-manager.c b/libnm/nm-manager.c
index aac120c6e..a54251274 100644
--- a/libnm/nm-manager.c
+++ b/libnm/nm-manager.c
@@ -885,22 +885,20 @@ activate_info_complete (ActivateInfo *info,
 NMActiveConnection *active,
 GError *error)
 {
+ nm_clear_g_signal_handler (info->cancellable, &info->cancelled_id);
+
+ c_list_unlink_stale (&info->lst);
+
 if (active)
 g_simple_async_result_set_op_res_gpointer (info->simple, g_object_ref (active), g_object_unref);
 else
 g_simple_async_result_set_from_error (info->simple, error);
 g_simple_async_result_complete (info->simple);
- c_list_unlink_stale (&info->lst);
-
 g_free (info->active_path);
 g_free (info->new_connection_path);
 g_object_unref (info->simple);
- if (info->cancellable) {
- if (info->cancelled_id)
- g_signal_handler_disconnect (info->cancellable, info->cancelled_id);
- g_object_unref (info->cancellable);
- }
+ nm_g_object_unref (info->cancellable);
 g_slice_free (ActivateInfo, info);
 }
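Review bot: The two calls now at the top of activate_info_complete() carry an ordering requirement that nothing in the code records, so a later cleanup could move them back below `g_simple_async_result_complete (info->simple)` and reintroduce the re-entrant call on an `info` that is about to be freed. A short comment above them would pin it, e.g. `/* Disconnect the cancelled handler and unlink first: the completion callback may cancel the cancellable and must not re-enter with this info. */`. The unconditional `nm_clear_g_signal_handler (info->cancellable, &info->cancelled_id)` also replaces an explicit `if (info->cancellable)` guard, so it presumably relies on `cancelled_id` being 0 whenever the cancellable is NULL; that is worth confirming where the handler is connected, which is outside this hunk. The function's signature starts above the hunk.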