From: Kirill Shchetiniuk <kshcheti@redhat.com>
Date: Fri, 14 Mar 2025 11:51:19 +0000 (+0100)
Subject: ch: Fix refcounting in virCHEventHandlerLoop() and virCHStartEventHandler()
X-Git-Tag: v11.2.0-rc1~125
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc201e0fcc720162fefdd12780fb6eee72d8e026;p=thirdparty%2Flibvirt.git

ch: Fix refcounting in virCHEventHandlerLoop() and virCHStartEventHandler()

When event handler thread is created inside of
virCHStartEventHandler() the monitor object is refed because the thread
(virCHEventHandlerLoop()) that's created in the very next step
uses it. But right after that, the monitor object is unrefed,
which is wrong because it takes away the reference which was
handed over to the thread. The monitor must be unrefed inside the
thread, when no longer needed.

And while at it, move the unref call of the domain object after
the debug print which obviously accesses the domain definition.

Signed-off-by: Kirill Shchetiniuk <kshcheti@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/ch/ch_events.c b/src/ch/ch_events.c
index 1cce30836a..2dd3e7ecc2 100644
--- a/src/ch/ch_events.c
+++ b/src/ch/ch_events.c
@@ -287,8 +287,9 @@ virCHEventHandlerLoop(void *data)
     }
 
     g_clear_pointer(&mon->event_buffer.buffer, g_free);
-    virObjectUnref(vm);
     VIR_DEBUG("%s: Event handler loop thread exiting", vm->def->name);
+    virObjectUnref(vm);
+    virObjectUnref(mon);
     return;
 }
 
@@ -308,7 +309,6 @@ virCHStartEventHandler(virCHMonitor *mon)
         virObjectUnref(mon);
         return -1;
     }
-    virObjectUnref(mon);
 
     g_atomic_int_set(&mon->event_handler_stop, 0);
     return 0;