obexd/session: Fix crash while processing command queue

session_process_queue can call a callback which can cause the session to
be freed:
Invalid write of size 4
   at 0x4265C9: session_process (session.c:716)
   by 0x3D46047E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x40D55C: main (main.c:319)
 Address 0x4d658a8 is 104 bytes inside a block of size 120 free'd
   at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
   by 0x3D4604D9AE: g_free (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x4265B1: session_process_queue (session.c:794)
   by 0x4265C8: session_process (session.c:714)
   by 0x3D46047E05: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048157: ??? (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x3D46048559: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.3600.3)
   by 0x40D55C: main (main.c:319)

diff --git a/obexd/client/session.c b/obexd/client/session.c
index 331d23d..48016c4 100644 (file)
--- a/obexd/client/session.c
+++ b/obexd/client/session.c
@@ -711,10 +711,10 @@ static gboolean session_process(gpointer data)
 {
        struct obc_session *session = data;
 
-       session_process_queue(session);
-
        session->process_id = 0;
 
+       session_process_queue(session);
+
        return FALSE;
 }