uclient: cancel state change timeout in uclient_disconnect()

When the uloop is ended right after the state change timeout has been
armed, the timeout will never be cancelled, without a way for the
libuclient user to clean up. When uclient_free() is then called on the
uclient context while the uloop is still live, the entry in uloop's timeout
list will be dangling, often resulting in a segfault when new timeouts are
added or the timeout list is cleaned up in uloop_done().

Fix this by cancelling the timeout in uclient_disconnect().

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

diff --git a/uclient.c b/uclient.c
index a372d4a9dcbfff750c2dde1dba3fbf8497766307..ce76bcf0e5479c15a93bbb2eddfb3d7e70f8a614 100644 (file)
--- a/uclient.c
+++ b/uclient.c
@@ -372,6 +372,7 @@ int uclient_read(struct uclient *cl, char *buf, int len)
 void uclient_disconnect(struct uclient *cl)
 {
        uloop_timeout_cancel(&cl->connection_timeout);
+       uloop_timeout_cancel(&cl->timeout);
 
        if (!cl->backend->disconnect)
                return;