[Pkg-xfce-devel] Bug#642397: Bug#642397: xfce4-power-manager: Segfault when docking

Jö Fahlke jorrit at jorrit.de
Sat Oct 22 20:57:31 UTC 2011


tags 642397 +patch
thanks

Hi!

The problem, as far as I figured it out, is apparently twofold:

 1. At some point xfpm_battery_notify() is called with some XfpmBattery
    object.  If notifications are enabled, it will add a source with idle
    priority which holds a pointer to this object and has
    xfpm_battery_notify_idle() as its callback function.

 2. After xfpm_battery_notify() returns, the XfpmBattery object is entered
    into some hash table.

 3. Later the source invokes xfpm_battery_notify_idle().  The XfpmBattery
    object that is passed as an argument is usually valid.  But sometimes it
    has a reference count of 0 and priv == NULL.

What happens is that sometimes XfpmBattery object is removed from the hash and
freed between 2. and 3.  Apparently my hal sends an add and an remove message
for the same battery immediately after each other.

The attached patch fixes this by calling g_object_ref() on the
XfpmBatteryObject in xfpm_battery_notify() before g_idle_add() is called to
add the source.  The corresponding unref happens unconditionally in
xfpm_battery_notify_idle() -- that function returns FALSE, which means the
source holding the pointer to the XfpmBattery object is removed after it's
callback returns.

Please, somebody review this patch, I'm really quite new to glib and gobject
-- I may have easily overlooked something, or violated some convention.
(Like: is the source's callback always called, or are there cases where the
source gets removed without beeing called?  That would create a memory leak.)

Anyway, I'm going to run the patched xfpm for a while and will report back if
notice any further problems.

Bye,
Jö.

-- 
Jorrit (Jö) Fahlke, Interdisciplinary Center for Scientific Computing,
Heidelberg University, Im Neuenheimer Feld 368, D-69120 Heidelberg
Tel: +49 6221 54 8890 Fax: +49 6221 54 8884

In the beginning the Universe was created.  This has made a lot of
people very angry and been widely regarded as a bad move.
-- Douglas Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: segfault.patch
Type: text/x-diff
Size: 1687 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20111022/917f05cd/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20111022/917f05cd/attachment.pgp>


More information about the Pkg-xfce-devel mailing list