From e91bedd4cb5c78f31b422bc0ccd9cbb75acf70e4 Mon Sep 17 00:00:00 2001
From: sangelovic
Date: Thu, 2 Apr 2020 20:46:38 +0200
Subject: [PATCH] Fix #92: CallData race condition in Proxy::callMethod
---
 src/Proxy.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/Proxy.cpp b/src/Proxy.cpp
index 0718f9e..82fa933 100644
--- a/src/Proxy.cpp
+++ b/src/Proxy.cpp
@@ -200,13 +200,15 @@ int Proxy::sdbus_async_reply_handler(sd_bus_message *sdbusMessage, void *userDat
 assert(asyncCallData != nullptr);
 assert(asyncCallData->callback);
 auto& proxy = asyncCallData->proxy;
+ auto slot = asyncCallData->slot.get();
 SCOPE_EXIT {
- // Slot may be null if we're doing blocking synchronous call implemented by means of asynchronous call,
- // because in that case the call data is still alive on the stack, we don't need to manage it separately.
- if (asyncCallData->slot)
- proxy.pendingAsyncCalls_.removeCall(asyncCallData->slot.get());
+ // Slot will be nullptr in case of synchronous call. In that case, the call data lives on the call stack,
+ // in another thread. But that thread may have already been woken up by now and cleared its call stack,
+ // so we can't access asyncCallData here. Hence we save the slot pointer at the beginning of this function.
+ if (slot)
+ proxy.pendingAsyncCalls_.removeCall(slot);
 };
 auto message = Message::Factory::create(sdbusMessage, &proxy.connection_->getSdBusInterface());
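Review bot: The new `auto slot = asyncCallData->slot.get();` keeps a raw pointer whose owner is still `asyncCallData`, so in the asynchronous case the scope-exit block passes `removeCall(slot)` a pointer that is only safe if nothing releases that call data before the function exits (the callback runs outside this hunk), or if `removeCall` uses the pointer purely as a lookup key and never dereferences it. Neither is visible here and both are worth confirming. The function also still reads `asyncCallData->callback`, `->proxy` and `->slot` at entry, which presumably relies on the synchronous caller's frame staying alive until the callback signals it; that invariant deserves a comment next to the asserts, e.g. `// asyncCallData is valid only until callback() returns; do not touch it afterwards`. Writing `auto* const slot = asyncCallData->slot.get();` would make it explicit that this is a non-owning pointer that is never reassigned. The function body starts before and continues after this hunk.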