Comment 193 for bug 553745

Hi,

(In reply to comment #2)
> I think I've worked out what is going on here (and which caused me to
> raise the erroneous bug 42285):
great!

> In ply_event_loop_process_pending_events(),
> ply_event_loop_handle_timeouts() is being called *after* epoll_wait(),
> but ply_event_loop_handle_timeouts() may free event sources.
ah ha. So to be a little more specific, a timeout callback may call ply_event_loop_stop_watching_fd and if that fd became ready at the same time as the callback then crash would result.

> I can reliabily force plymouthd to SIGSEGV (in various parts of the
> code) by running the following:
>
> plymouth show-splash
> plymouth quit
In this case plymouth quit queues a callback to get called after the animation gets to an idle state, on_boot_splash_idle calls functions that ultimately stops watching the terminal fd. if that callback happens in the same iteration of the loop that the terminal fd becomes ready, then boom. Makes sense. Thanks for figuring this out.