Mercurial > pidgin

changeset 29649:99c9595e14a2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix two related on-disconnect double frees. _purple_connection_destroy calls purple_proxy_connect_cancel_with_handle(gc), and both of these plugins use gc as the handle for their connection attempts. Their respective close() functions /also/ try to cancel the connection attempts, which leads to a double-free. One of these was reported by mati, the other by T_X.
author Paul Aurich <paul@darkrain42.org>
date Sun, 28 Mar 2010 18:08:38 +0000
parents 3b24193663bc
children 0646207f360f 7eb8c738634a
files libpurple/protocols/bonjour/jabber.c libpurple/protocols/qq/qq.c
diffstat 2 files changed, 6 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/bonjour/jabber.c	Sat Mar 27 21:29:18 2010 +0000
+++ b/libpurple/protocols/bonjour/jabber.c	Sun Mar 28 18:08:38 2010 +0000
@@ -1185,6 +1185,9 @@
 		for (l = buddies; l; l = l->next) {
 			BonjourBuddy *bb = purple_buddy_get_protocol_data((PurpleBuddy*) l->data);
 			if (bb != NULL) {
+				/* Any ongoing connection attempt is cancelled
+				 * by _purple_connection_destroy */
+				bb->conversation->connect_data = NULL;
 				bonjour_jabber_close_conversation(bb->conversation);
 				bb->conversation = NULL;
 			}
--- a/libpurple/protocols/qq/qq.c	Sat Mar 27 21:29:18 2010 +0000
+++ b/libpurple/protocols/qq/qq.c	Sun Mar 28 18:08:38 2010 +0000
@@ -221,6 +221,9 @@
 		qd->connect_watcher = 0;
 	}
 
+	/* This is cancelled by _purple_connection_destroy */
+	qd->conn_data = NULL;
+
 	qq_disconnect(gc);
 
 	if (qd->redirect) g_free(qd->redirect);