[Adium-devl] g_string_free() and me (aka gaim [17165] doesn't like Adium)

Christopher Forsythe chris at glowingbulb.com
Mon Sep 11 21:00:17 UTC 2006 

Just tested it, it's up:

http://trac.adiumx.com/changeset/17711

Chris

On Sep 11, 2006, at 3:54 PM, Evan Schoenberg wrote:

> Sigh, I'll commit this whenever trac and svn decide to work again.   
> I can't keep checking, so if someone would email me or text message  
> me when they're up, I'd appreciate it.
>
> On Sep 11, 2006, at 4:49 PM, Evan Schoenberg wrote:
>
>> Okay, found the problem and fixed it.  What a headache.
>>
>> The problem was purely in Adium's adiumGaimEventloop code... but  
>> nothing before [17165] had ever triggered the exact situation,  
>> which was:
>> 1) Non-blocking write condition triggers its socket callback
>> 2) That socket callback triggers a prpl callback which adds a read  
>> condition on the same fd
>> 3) That socket callback does a gaim_source_remove() on the write  
>> callback's tag
>> 4) That socket callback then free()'s the data associated with the  
>> write callback (but not the read callback, obviously)
>>
>>
>> (2) means that the socket was converted from write-only to read/ 
>> write (because the write condition hadn't yet been  removed.
>> (3) then removed the write part of the read/write... which in code  
>> that had previously never been touched (and was written when I was  
>> fixing our handling of nonblocking sockets in the first place),  
>> called CFSocketDisableCallBacks(socket, kCFSocketWriteCallBack) so  
>> that the socket would remain around but only trigger for the next  
>> read condition.
>>
>> Unfortunately, CFSocketDisableCallBacks() appears to be a no- 
>> op.... the socket callback was indeed called again, with a write  
>> callback signature, as soon as data was available to be written.   
>> This triggered a return to (1) above... which besides wrecking  
>> havoc on the connect process (you could see this in Jabber's  
>> "Connected." message appearing twice in rapid succession) led to a  
>> double-free() at (4).
>>
>> Disabling the auto-reenabling of callbacks with CFSocketSetFlags()  
>> before calling CFSocketDisableCallBacks() doesn't make a difference.
>>
>> Solution: Invalidate, release, and create from scratch the socket  
>> when converting from read/write to read-only or write-only.  This  
>> mirrors how we convert a read-only or write-only socket to read/ 
>> write in the first place.
>>
>> -Evan
>> _______________________________________________
>> Adium-devl mailing list
>> Adium-devl at adiumx.com
>> http://adiumx.com/mailman/listinfo/adium-devl_adiumx.com
>
> _______________________________________________
> Adium-devl mailing list
> Adium-devl at adiumx.com
> http://adiumx.com/mailman/listinfo/adium-devl_adiumx.com

More information about the devel mailing list