Fix a bug in iqs_check_timeout()
There was a possible segfault because g_slist_next() could be called with
a freed element. (Note: this function is never called yet, anyway...)
While I'm changing it, I'm changing the prototype so that iqs_check_timeout()
takes now_t as a parameter; it will save a time() call.
--- a/mcabber/src/jab_iq.c Sat Feb 18 12:05:46 2006 +0100
+++ b/mcabber/src/jab_iq.c Sat Feb 18 15:04:17 2006 +0100
@@ -124,16 +124,18 @@
return 0;
}
-void iqs_check_timeout(void)
+void iqs_check_timeout(time_t now_t)
{
GSList *p;
iqs *i;
- time_t now_t;
- time(&now_t);
+ p = iqs_list;
+ while (p) {
+ i = p->data;
+ // We must get next iqs element now because the current one
+ // could be freed.
+ p = g_slist_next(p);
- for (p = iqs_list; p; p = g_slist_next(p)) {
- i = p->data;
if ((!i->ts_expire && now_t > i->ts_create + IQS_MAX_TIMEOUT) ||
(i->ts_expire && now_t > i->ts_expire)) {
iqs_callback(i->id, NULL, IQS_CONTEXT_TIMEOUT);
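Review bot: Saving the successor before the callback in the new `while (p)` loop only protects against the current node being freed. If `iqs_callback()` (its body is not in this hunk) can also remove some other entry of `iqs_list`, the saved `p` may itself point at freed memory on the next iteration. If the callback is guaranteed to delete only the entry whose id it was given, I would state that next to the existing comment, e.g. `// Relies on iqs_callback() removing at most the current element from iqs_list.`; otherwise the walk should restart from `iqs_list` after each timeout callback. The loop body continues past the end of the visible hunk, so the remaining lines could not be checked.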
--- a/mcabber/src/jab_priv.h Sat Feb 18 12:05:46 2006 +0100
+++ b/mcabber/src/jab_priv.h Sat Feb 18 15:04:17 2006 +0100
@@ -20,7 +20,7 @@
};
-#define IQS_DEFAULT_TIMEOUT 40
+#define IQS_DEFAULT_TIMEOUT 90
#define IQS_MAX_TIMEOUT 600
#define IQS_CONTEXT_RESULT 0 /* Normal result should be zero */
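Review bot: The change of `IQS_DEFAULT_TIMEOUT` from 40 to 90 is not mentioned in the commit description, and the define carries no unit. The timeout test in jab_iq.c compares `IQS_MAX_TIMEOUT` against `time_t` values, so both constants are presumably seconds. Once that is confirmed, a trailing comment such as `/* seconds */` on both defines would make the unit explicit, and the description could say why the default was raised.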
@@ -48,7 +48,7 @@
iqs *iqs_new(guint8 type, const char *ns, const char *prefix, time_t timeout);
int iqs_del(const char *iqid);
int iqs_callback(const char *iqid, xmlnode xml_result, guint iqcontext);
-void iqs_check_timeout(void);
+void iqs_check_timeout(time_t now_t);
void iqscallback_auth(iqs *iqp, xmlnode xml_result);
void request_version(const char *fulljid);
void request_time(const char *fulljid);