$OpenBSD: patch-gio_kqueue_kqueue-helper_c,v 1.3 2017/05/08 16:57:08 ajacoutot Exp $

Prevent a use-after-free resulting in a crash of all apps depending
on glib/GIO mostly at "pkg_add -u" time.
https://bugzilla.gnome.org/show_bug.cgi?id=739424

Index: gio/kqueue/kqueue-helper.c
--- gio/kqueue/kqueue-helper.c.orig
+++ gio/kqueue/kqueue-helper.c
@@ -43,7 +43,7 @@ static gboolean kh_debug_enabled = FALSE;
 #define KH_W if (kh_debug_enabled) g_warning
 
 static GHashTable *subs_hash_table = NULL;
-G_LOCK_DEFINE_STATIC (hash_lock);
+G_LOCK_DEFINE (hash_lock);
 
 static int kqueue_descriptor = -1;
 static int kqueue_socket_pair[] = {-1, -1};
@@ -291,10 +291,10 @@ process_kqueue_notifications (GIOChannel   *gioc,
 
   G_LOCK (hash_lock);
   sub = (kqueue_sub *) g_hash_table_lookup (subs_hash_table, GINT_TO_POINTER (n.fd));
-  G_UNLOCK (hash_lock);
 
   if (sub == NULL)
     {
+      G_UNLOCK (hash_lock);
       KH_W ("Got a notification for a deleted or non-existing subscription %d",
              n.fd);
       return TRUE;
@@ -336,6 +336,7 @@ process_kqueue_notifications (GIOChannel   *gioc,
         g_file_monitor_source_handle_event (source, mask, NULL, NULL, NULL, g_get_monotonic_time ());
     }
 
+  G_UNLOCK (hash_lock);
   return TRUE;
 }
 
@@ -451,13 +452,14 @@ _kh_start_watching (kqueue_sub *sub)
 
   G_LOCK (hash_lock);
   g_hash_table_insert (subs_hash_table, GINT_TO_POINTER (sub->fd), sub);
-  G_UNLOCK (hash_lock);
 
   _kqueue_thread_push_fd (sub->fd);
   
   /* Bump the kqueue thread. It will pick up a new sub entry to monitor */
   if (!_ku_write (kqueue_socket_pair[0], "A", 1))
     KH_W ("Failed to bump the kqueue thread (add fd, error %d)", errno);
+  G_UNLOCK (hash_lock);
+
   return TRUE;
 }
 
@@ -504,9 +506,7 @@ _kh_cancel_sub (kqueue_sub *sub)
 
   _km_remove (sub);
 
-  G_LOCK (hash_lock);
   removed = g_hash_table_remove (subs_hash_table, GINT_TO_POINTER (sub->fd));
-  G_UNLOCK (hash_lock);
 
   if (removed)
     {
