On 2025/12/24 3:40, Joelle van Dyne wrote:
When `owner` == `mr`, `object_unparent` will crash:
object_unparent(mr) ->
object_property_del_child(mr, mr) ->
object_finalize_child_property(mr, name, mr) ->
object_unref(mr) ->
object_finalize(mr) ->
object_property_del_all(mr) ->
object_finalize_child_property(mr, name, mr) ->
object_unref(mr) ->
fail on g_assert(obj->ref > 0)
However, passing a different `owner` to `memory_region_init` is not
enough. `memory_region_ref` has an optimization where it takes a ref
only on the owner. It specifically warns against calling unparent on
the memory region. So we initialize the memory region first and then
patch in the owner with itself.
Patching outside system/memory.c can be fragile.
I think an object is being a child of itself, which doesn't make sense.
This can be avoided by passing NULL as name. The object will be an
orphan so it will have to be freed with object_unref() instead of
object_unparent().
Regards,
Akihiko Odaki
