• Adrian Szyndela's avatar
    DBusCounter: add a mutex to protect the refcount and notify function · bbef8e40
    Adrian Szyndela authored
    The overall problem here is that DBusCounter is indirectly linked
    to a DBusConnection, but is not actually guaranteed to be protected by
    that connection's mutex; and a DBusMessage can carry a reference to the
    DBusCounter, resulting in freeing that DBusMessage having an effect on
    the DBusCounter.
    
    Making the refcount atomic would not be a sufficient fix, since it would
    not protect the notify function: _dbus_counter_notify() could be called
    indirectly by dbus_message_unref(), in an arbitrary thread that does not
    hold the DBusConnection's lock, at the same time that the holder
    of the DBusConnection lock calls _dbus_transport_set_max_message_size().
    
    [smcv: added commit message]
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89297Reviewed-by: default avatarSimon McVittie <simon.mcvittie@collabora.co.uk>
    bbef8e40
dbus-resources.c 8.85 KB