authorAleksander Morgado <aleksander@aleksander.es>2017-01-15 23:35:52 +0100
committerAleksander Morgado <aleksander@aleksander.es>2017-01-15 23:45:53 +0100
commitca5433a574ed0f0a23286aacdb705da41bdaa725 (patch)
treec2e670439ec9b1975b7b1c16208d483bc0e09b05
parent952579253ea98f62a3bbfa2bc3c5ab5106b322a6 (diff)
libqmi-glib,device: fix segfault when cancellable already cancelled
Thread 1 received signal SIGSEGV, Segmentation fault. 0x00007ffff79c9105 in transaction_cancelled (cancellable=0x7fffe4009420, ctx=0x669a30) at qmi-device.c:268 268 tr->cancellable_id = 0; The g_cancellable_connect() method will also call the given callback when the input cancellable is already cancelled. This means that the cancellation callback should also handle the case where the transaction hasn't been stored in the tracking table yet. Thanks to Benoît Donnette <benoit.donnette@21net.com> for the report and the suggested fix. https://bugs.freedesktop.org/show_bug.cgi?id=98283 (cherry picked from commit e57f062e666b9a0686e38e3722664b4b2ac9658c)
-rw-r--r--src/libqmi-glib/qmi-device.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libqmi-glib/qmi-device.c b/src/libqmi-glib/qmi-device.c
index ad769fb..bcd2799 100644
--- a/src/libqmi-glib/qmi-device.c
+++ b/src/libqmi-glib/qmi-device.c
@@ -254,6 +254,12 @@ transaction_cancelled (GCancellable *cancellable,
GError *error = NULL;
tr = device_release_transaction (ctx->self, ctx->key);
+
+ /* The transaction may have already been cancelled before we stored it in
+ * the tracking table */
+ if (!tr)
+ return;
+
tr->cancellable_id = 0;
/* Complete transaction with an abort error */
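Review bot: The new `if (!tr) return;` in transaction_cancelled() stops the NULL dereference, but on that path the request is never completed with the abort error, so an already-cancelled request appears to be dropped silently here. g_cancellable_connect() returns 0 when the cancellable was already cancelled, so the device_store_transaction hunk could test `if (!tr->cancellable_id)` right after the connect and fail the request with the abort error instead of storing it. Without that, the transaction presumably stays in the tracking table until its timeout fires, although the code after the connect call is outside the visible lines and may already handle this. Both function bodies start and end outside their hunks.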
@@ -291,6 +297,8 @@ device_store_transaction (QmiDevice *self,
g_source_unref (tr->timeout_source);
if (tr->cancellable) {
+ /* Note: transaction_cancelled() will also be called directly if the
+ * cancellable is already cancelled */
tr->cancellable_id = g_cancellable_connect (tr->cancellable,
(GCallback)transaction_cancelled,
tr->wait_ctx,