From 19f389949c2e15eb52a27d7b6236ef8a9ab76e97 Mon Sep 17 00:00:00 2001
From: Aleksander Morgado <aleksander@aleksander.es>
Date: Mon, 4 Apr 2022 10:13:06 +0200
Subject: port-serial: ensure the port object is valid after BUFFER_FULL
 handling

The BUFFER_FULL signal handler is effectively working in the same way
as the response buffer processor, in both cases we may have scheduled
the completion of the serial command, and that in turn may end up
fully disposing the port object. We must make sure the port object is
valid for as long as we need it in this function, so we take a
reference while processing the response buffer.

Fixes https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/issues/535
---
 src/mm-port-serial.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/mm-port-serial.c b/src/mm-port-serial.c
index 8b6e34ec..3dedcab6 100644
--- a/src/mm-port-serial.c
+++ b/src/mm-port-serial.c
@@ -1017,13 +1017,6 @@ common_input_available (MMPortSerial *self,
         serial_debug (self, "<--", buf, bytes_read);
         g_byte_array_append (self->priv->response, (const guint8 *) buf, bytes_read);
 
-        /* Make sure the response doesn't grow too long */
-        if ((self->priv->response->len > SERIAL_BUF_SIZE) && self->priv->spew_control) {
-            /* Notify listeners and then trim the buffer */
-            g_signal_emit (self, signals[BUFFER_FULL], 0, self->priv->response);
-            g_byte_array_remove_range (self->priv->response, 0, (SERIAL_BUF_SIZE / 2));
-        }
-
         /* See if we can parse anything. The response parsing may actually
          * schedule the completion of a serial command, and that in turn may end
          * up fully disposing this serial port object. In order to cope with
@@ -1032,6 +1025,13 @@ common_input_available (MMPortSerial *self,
          * we should be keeping this socket/iochannel source or not. */
         g_object_ref (self);
         {
+            /* Make sure the response doesn't grow too long */
+            if ((self->priv->response->len > SERIAL_BUF_SIZE) && self->priv->spew_control) {
+                /* Notify listeners and then trim the buffer */
+                g_signal_emit (self, signals[BUFFER_FULL], 0, self->priv->response);
+                g_byte_array_remove_range (self->priv->response, 0, (SERIAL_BUF_SIZE / 2));
+            }
+
             parse_response_buffer (self);
 
             /* If we didn't end up closing the iochannel/socket in the previous
-- 
cgit v1.2.3-70-g09d2