From 72d107e543aeb8766140f258f48bda8bca88343d Mon Sep 17 00:00:00 2001
From: dequis
Date: Thu, 19 Nov 2015 13:44:29 -0300
Subject: mqtt: fix segfaults after disconnecting on write

Any call to fb_mqtt_write() can result in an error writing to the socket, which means fb_mqtt_close() can be called and the mqtt object is invalidated. Trying to write priv->tev = 0 at that point is a small invalid write, but not enough to make it crash. The real problem is fb_mqtt_timeout(), which adds a 90 second delay after which it *does* crash, often when a different account already finished logging. The fix here takes advantage of the cleanup done by fb_mqtt_close() - by adding the timeout before that call, it will find a nonzero priv->tev and remove it.
---
 facebook/facebook-mqtt.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/facebook/facebook-mqtt.c b/facebook/facebook-mqtt.c
index ab3589c..55fd177 100644
--- a/facebook/facebook-mqtt.c
+++ b/facebook/facebook-mqtt.c
@@ -304,12 +304,13 @@ fb_mqtt_cb_ping(gpointer data, gint fd, b_input_condition cond)
 FbMqttMessage *msg;
 FbMqttPrivate *priv = mqtt->priv;
+ priv->tev = 0;
+ fb_mqtt_timeout(mqtt);
+
 msg = fb_mqtt_message_new(FB_MQTT_MESSAGE_TYPE_PINGREQ, 0);
 fb_mqtt_write(mqtt, msg);
 g_object_unref(msg);
- priv->tev = 0;
- fb_mqtt_timeout(mqtt);
 return FALSE;
 }
--
cgit v1.2.3
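Review bot: Nothing in the new code records why `priv->tev = 0; fb_mqtt_timeout(mqtt);` has to run before `fb_mqtt_write(mqtt, msg);`, so a later tidy-up could move the two lines back below the write and reintroduce the access to an invalidated object. I would add a comment above them, for example `/* Arm the timeout before writing: a failed fb_mqtt_write() can end in fb_mqtt_close(), which removes priv->tev; do not touch mqtt or priv after the write. */`. The commit message says any call to fb_mqtt_write() can invalidate the mqtt object, so other call sites that use `mqtt` or `priv` after the write (none are visible in this hunk) are worth checking for the same pattern. The body of fb_mqtt_cb_ping starts above the hunk, so this applies only to the lines shown.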