The Sound Menu

free-memory-read crash in indicator-sound-service's file monitoring

Bug #965848 reported by Charles Kerr
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
The Sound Menu
Fix Released
Medium
Charles Kerr
The Sound Menu 0.8.5

Bug Description

Okay, this is a fun one.

Found while investigating lp bug #949837 ... the closure in establish_file_monitoring() has some interesting behavior. The lambda function's variable "monitor" is bound to the lifespan of the "changed" signal that owns it, meaning that destroying the FileMonitor unconnects that signal which in turn tickles some valac-generated code that tries to kill "monitor" again.

The workaround has two parts:

1. Create a local *unowned* copy of "monitor" for use in the closure. This prevents the closure from holding onto a reference, solving the problem of it trying to free the monitor whenever it gets freed.

2. Since the first step removed our closure's reference to FileMonitor, the monitor is freed at the end of establish_file_monitoring() s.t. no monitoring is established. ;) Manually add a refcount to prevent this... this ref is balanced out by the unref in relevant_desktop_file_changed().

Related branches

lp:~charlesk/indicator-sound/remove-interested-client
Conor Curran (community): Approve
Diff: 98 lines (+33/-25)
2 files modified
src/music-player-bridge.vala (+15/-11)
src/settings-manager.vala (+18/-14)
lp:indicator-sound/fifth
lp:ubuntu/lucid/indicator-sound (Merged)
lp:ubuntu/precise/indicator-sound
Charles Kerr (charlesk)
Changed in indicator-sound:
status: In Progress → Fix Committed
Conor Curran (cjcurran)
Changed in indicator-sound:
milestone: none → 0.8.5
Conor Curran (cjcurran)
Changed in indicator-sound:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.