mystifyingyouth / rpms / polkit

Forked from rpms/polkit 2 years ago
Clone
Blob Blame History Raw
commit 983e8ec37b0ec1cc5114cb9ca49cf558dedfb31e
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Don't pass an uninitialized JS parameter
    
    Don't pass argc==3 when using a 2-member array in
    polkit_backend_js_authority_check_authorization_sync .  To avoid such
    problems in the future, use G_N_ELEMENTS in both similar callers.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index c232573..c7a29e0 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -1074,7 +1074,7 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
 
   if (!call_js_function_with_runaway_killer (authority,
                                              "_runAdminRules",
-                                             2,
+                                             G_N_ELEMENTS (argv),
                                              argv,
                                              &rval))
     {
@@ -1179,7 +1179,7 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
 
   if (!call_js_function_with_runaway_killer (authority,
                                              "_runRules",
-                                             3,
+                                             G_N_ELEMENTS (argv),
                                              argv,
                                              &rval))
     {

commit a97672540c66c03ed392fc072f0c682281f08989
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Don't add extra NULL group to subject.groups
    
    The NULL “terminator” of ‘groups’ was being passed to JavaScript.  Drop
    it, and simplify by leting set_property_strv use the GPtrArray directly
    instead of the extra conversions “into” a strv and a completely dead
    g_strv_length().
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index c7a29e0..efb07a9 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -659,26 +659,22 @@ static void
 set_property_strv (PolkitBackendJsAuthority  *authority,
                    JSObject                  *obj,
                    const gchar               *name,
-                   const gchar *const        *value,
-                   gssize                     len)
+                   GPtrArray                 *value)
 {
   jsval value_jsval;
   JSObject *array_object;
   jsval *jsvals;
   guint n;
 
-  if (len < 0)
-    len = g_strv_length ((gchar **) value);
-
-  jsvals = g_new0 (jsval, len);
-  for (n = 0; n < len; n++)
+  jsvals = g_new0 (jsval, value->len);
+  for (n = 0; n < value->len; n++)
     {
       JSString *jsstr;
-      jsstr = JS_NewStringCopyZ (authority->priv->cx, value[n]);
+      jsstr = JS_NewStringCopyZ (authority->priv->cx, g_ptr_array_index(value, n));
       jsvals[n] = STRING_TO_JSVAL (jsstr);
     }
 
-  array_object = JS_NewArrayObject (authority->priv->cx, (gint32) len, jsvals);
+  array_object = JS_NewArrayObject (authority->priv->cx, value->len, jsvals);
 
   value_jsval = OBJECT_TO_JSVAL (array_object);
   JS_SetProperty (authority->priv->cx, obj, name, &value_jsval);
@@ -818,11 +814,9 @@ subject_to_jsval (PolkitBackendJsAuthority  *authority,
         }
     }
 
-  g_ptr_array_add (groups, NULL);
-
   set_property_int32 (authority, obj, "pid", pid);
   set_property_str (authority, obj, "user", user_name);
-  set_property_strv (authority, obj, "groups", (const gchar* const *) groups->pdata, groups->len);
+  set_property_strv (authority, obj, "groups", groups);
   set_property_str (authority, obj, "seat", seat_str);
   set_property_str (authority, obj, "session", session_str);
   set_property_bool (authority, obj, "local", subject_is_local);

commit cbad0d5721804a4b7c2d998b00da9e70dc623820
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Don't store unrooted jsvals on heap
    
    Don't create a temporary array of jsvals on heap; the GC is not looking
    for GC roots there.
    
    Compare
    https://developer.mozilla.org/en-US/docs/SpiderMonkey/GC_Rooting_Guide
    and
    https://web.archive.org/web/20140305233124/https://developer.mozilla.org/en-US/docs/SpiderMonkey_Garbage_Collection_Tips
    .
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index efb07a9..d02e5e3 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -663,23 +663,22 @@ set_property_strv (PolkitBackendJsAuthority  *authority,
 {
   jsval value_jsval;
   JSObject *array_object;
-  jsval *jsvals;
   guint n;
 
-  jsvals = g_new0 (jsval, value->len);
+  array_object = JS_NewArrayObject (authority->priv->cx, 0, NULL);
+
   for (n = 0; n < value->len; n++)
     {
       JSString *jsstr;
+      jsval val;
+
       jsstr = JS_NewStringCopyZ (authority->priv->cx, g_ptr_array_index(value, n));
-      jsvals[n] = STRING_TO_JSVAL (jsstr);
+      val = STRING_TO_JSVAL (jsstr);
+      JS_SetElement (authority->priv->cx, array_object, n, &val);
     }
 
-  array_object = JS_NewArrayObject (authority->priv->cx, value->len, jsvals);
-
   value_jsval = OBJECT_TO_JSVAL (array_object);
   JS_SetProperty (authority->priv->cx, obj, name, &value_jsval);
-
-  g_free (jsvals);
 }
 
 

commit 0f5852a4bdabe377ddcdbed09a0c1f95710e17fe
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Fix a per-authorization memory leak
    
    We were leaking PolkitAuthorizationResult on every request, primarily on
    the success path, but also on various error paths as well.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
index a09d667..14eea99 100644
--- a/src/polkitbackend/polkitbackendauthority.c
+++ b/src/polkitbackend/polkitbackendauthority.c
@@ -714,6 +714,7 @@ check_auth_cb (GObject      *source_object,
       g_variant_ref_sink (value);
       g_dbus_method_invocation_return_value (data->invocation, g_variant_new ("(@(bba{ss}))", value));
       g_variant_unref (value);
+      g_object_unref (result);
     }
 
   check_auth_data_free (data);
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 96725f7..7019356 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -1022,7 +1022,7 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
 
   /* Otherwise just return the result */
   g_simple_async_result_set_op_res_gpointer (simple,
-                                             result,
+                                             g_object_ref (result),
                                              g_object_unref);
   g_simple_async_result_complete (simple);
   g_object_unref (simple);
@@ -1039,6 +1039,9 @@ polkit_backend_interactive_authority_check_authorization (PolkitBackendAuthority
   g_free (subject_str);
   g_free (user_of_caller_str);
   g_free (user_of_subject_str);
+
+  if (result != NULL)
+    g_object_unref (result);
 }
 
 /* ---------------------------------------------------------------------------------------------------- */

commit ec039f9d7ede5b839f5511e26d5cd6ae9107cb2e
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Fix a memory leak when registering an authentication agent
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
index 14eea99..64560e1 100644
--- a/src/polkitbackend/polkitbackendauthority.c
+++ b/src/polkitbackend/polkitbackendauthority.c
@@ -900,6 +900,7 @@ server_handle_register_authentication_agent (Server                 *server,
   g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
 
  out:
+  g_variant_unref (subject_gvariant);
   if (subject != NULL)
     g_object_unref (subject);
 }

commit 57e2d86edc2630cac1812a3285715dad795a4bd6
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Wrap all JS usage within “requests”
    
    Required by
    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/SpiderMonkey/JSAPI_reference/JS_THREADSAFE
    ; lack of requests causes assertion failures with a debug build of
    mozjs17.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index d02e5e3..88f31bd 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -239,6 +239,7 @@ rules_file_name_cmp (const gchar *a,
   return ret;
 }
 
+/* authority->priv->cx must be within a request */
 static void
 load_scripts (PolkitBackendJsAuthority  *authority)
 {
@@ -339,6 +340,8 @@ reload_scripts (PolkitBackendJsAuthority *authority)
   jsval argv[1] = {JSVAL_NULL};
   jsval rval = JSVAL_NULL;
 
+  JS_BeginRequest (authority->priv->cx);
+
   if (!JS_CallFunctionName(authority->priv->cx,
                            authority->priv->js_polkit,
                            "_deleteRules",
@@ -364,7 +367,7 @@ reload_scripts (PolkitBackendJsAuthority *authority)
   /* Let applications know we have new rules... */
   g_signal_emit_by_name (authority, "changed");
  out:
-  ;
+  JS_EndRequest (authority->priv->cx);
 }
 
 static void
@@ -447,6 +450,7 @@ static void
 polkit_backend_js_authority_constructed (GObject *object)
 {
   PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (object);
+  gboolean entered_request = FALSE;
 
   authority->priv->rt = JS_NewRuntime (8L * 1024L * 1024L);
   if (authority->priv->rt == NULL)
@@ -466,6 +470,9 @@ polkit_backend_js_authority_constructed (GObject *object)
   JS_SetErrorReporter(authority->priv->cx, report_error);
   JS_SetContextPrivate (authority->priv->cx, authority);
 
+  JS_BeginRequest(authority->priv->cx);
+  entered_request = TRUE;
+
   authority->priv->js_global =
 #if JS_VERSION == 186
     JS_NewGlobalObject (authority->priv->cx, &js_global_class, NULL);
@@ -526,10 +533,15 @@ polkit_backend_js_authority_constructed (GObject *object)
   setup_file_monitors (authority);
   load_scripts (authority);
 
+  JS_EndRequest (authority->priv->cx);
+  entered_request = FALSE;
+
   G_OBJECT_CLASS (polkit_backend_js_authority_parent_class)->constructed (object);
   return;
 
  fail:
+  if (entered_request)
+    JS_EndRequest (authority->priv->cx);
   g_critical ("Error initializing JavaScript environment");
   g_assert_not_reached ();
 }
@@ -642,6 +654,7 @@ polkit_backend_js_authority_class_init (PolkitBackendJsAuthorityClass *klass)
 
 /* ---------------------------------------------------------------------------------------------------- */
 
+/* authority->priv->cx must be within a request */
 static void
 set_property_str (PolkitBackendJsAuthority  *authority,
                   JSObject                  *obj,
@@ -655,6 +668,7 @@ set_property_str (PolkitBackendJsAuthority  *authority,
   JS_SetProperty (authority->priv->cx, obj, name, &value_jsval);
 }
 
+/* authority->priv->cx must be within a request */
 static void
 set_property_strv (PolkitBackendJsAuthority  *authority,
                    JSObject                  *obj,
@@ -681,7 +695,7 @@ set_property_strv (PolkitBackendJsAuthority  *authority,
   JS_SetProperty (authority->priv->cx, obj, name, &value_jsval);
 }
 
-
+/* authority->priv->cx must be within a request */
 static void
 set_property_int32 (PolkitBackendJsAuthority  *authority,
                     JSObject                  *obj,
@@ -693,6 +707,7 @@ set_property_int32 (PolkitBackendJsAuthority  *authority,
   JS_SetProperty (authority->priv->cx, obj, name, &value_jsval);
 }
 
+/* authority->priv->cx must be within a request */
 static void
 set_property_bool (PolkitBackendJsAuthority  *authority,
                    JSObject                  *obj,
@@ -706,6 +721,7 @@ set_property_bool (PolkitBackendJsAuthority  *authority,
 
 /* ---------------------------------------------------------------------------------------------------- */
 
+/* authority->priv->cx must be within a request */
 static gboolean
 subject_to_jsval (PolkitBackendJsAuthority  *authority,
                   PolkitSubject             *subject,
@@ -838,6 +854,7 @@ subject_to_jsval (PolkitBackendJsAuthority  *authority,
 
 /* ---------------------------------------------------------------------------------------------------- */
 
+/* authority->priv->cx must be within a request */
 static gboolean
 action_and_details_to_jsval (PolkitBackendJsAuthority  *authority,
                              const gchar               *action_id,
@@ -1041,6 +1058,8 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
   gchar *ret_str = NULL;
   gchar **ret_strs = NULL;
 
+  JS_BeginRequest (authority->priv->cx);
+
   if (!action_and_details_to_jsval (authority, action_id, details, &argv[0], &error))
     {
       polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
@@ -1120,6 +1139,8 @@ polkit_backend_js_authority_get_admin_auth_identities (PolkitBackendInteractiveA
 
   JS_MaybeGC (authority->priv->cx);
 
+  JS_EndRequest (authority->priv->cx);
+
   return ret;
 }
 
@@ -1146,6 +1167,8 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
   gchar *ret_str = NULL;
   gboolean good = FALSE;
 
+  JS_BeginRequest (authority->priv->cx);
+
   if (!action_and_details_to_jsval (authority, action_id, details, &argv[0], &error))
     {
       polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority),
@@ -1222,6 +1245,8 @@ polkit_backend_js_authority_check_authorization_sync (PolkitBackendInteractiveAu
 
   JS_MaybeGC (authority->priv->cx);
 
+  JS_EndRequest (authority->priv->cx);
+
   return ret;
 }
 

commit 5c668722320eb363f713a0998934aa48fecd56cb
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Register heap-based JSObject pointers to GC
    
    This is necessary so that the GC can move the objects (though I haven't
    so far encountered this in testing).
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index 88f31bd..39f7060 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -482,6 +482,7 @@ polkit_backend_js_authority_constructed (GObject *object)
 
   if (authority->priv->js_global == NULL)
     goto fail;
+  JS_AddObjectRoot (authority->priv->cx, &authority->priv->js_global);
 
   if (!JS_InitStandardClasses (authority->priv->cx, authority->priv->js_global))
     goto fail;
@@ -494,6 +495,7 @@ polkit_backend_js_authority_constructed (GObject *object)
                                                 JSPROP_ENUMERATE);
   if (authority->priv->js_polkit == NULL)
     goto fail;
+  JS_AddObjectRoot (authority->priv->cx, &authority->priv->js_polkit);
 
   if (!JS_DefineFunctions (authority->priv->cx,
                            authority->priv->js_polkit,
@@ -572,6 +574,11 @@ polkit_backend_js_authority_finalize (GObject *object)
   g_free (authority->priv->dir_monitors);
   g_strfreev (authority->priv->rules_dirs);
 
+  JS_BeginRequest (authority->priv->cx);
+  JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_polkit);
+  JS_RemoveObjectRoot (authority->priv->cx, &authority->priv->js_global);
+  JS_EndRequest (authority->priv->cx);
+
   JS_DestroyContext (authority->priv->cx);
   JS_DestroyRuntime (authority->priv->rt);
   /* JS_ShutDown (); */

commit 2881f8b260c03df29afb0e35e6d1707240f95ad7
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Prevent builds against SpiderMonkey with exact stack rooting
    
    “Exact stack rooting” means that every on-stack pointer to a JavaScript
    value needs to be registered with the runtime.  The current code doesn't
    do this, so it is not safe to use against a runtime with this
    configuration.  Luckily this configuration is not default.
    
    See
    https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/GC/Exact_Stack_Rooting
    and other pages in the wiki for what the conversion would require.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index 39f7060..22812a6 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -43,6 +43,13 @@
 
 #include "initjs.h" /* init.js */
 
+#ifdef JSGC_USE_EXACT_ROOTING
+/* See https://developer.mozilla.org/en-US/docs/SpiderMonkey/Internals/GC/Exact_Stack_Rooting
+ * for more information about exact stack rooting.
+ */
+#error "This code is not safe in SpiderMonkey exact stack rooting configurations"
+#endif
+
 /**
  * SECTION:polkitbackendjsauthority
  * @title: PolkitBackendJsAuthority

commit b544f10dd469ae3cfedc026db71ee76e9ef511a2
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Clear the JS operation callback before invoking JS in the callback
    
    Setting the callback to NULL is required by
    https://developer.mozilla.org/en-US/docs/SpiderMonkey/JSAPI_Reference/JS_SetOperationCallback
    to avoid the possibility of recursion.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index 22812a6..8a0a097 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -961,9 +961,11 @@ js_operation_callback (JSContext *cx)
   polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), "Terminating runaway script");
 
   /* Throw an exception - this way the JS code can ignore the runaway script handling */
+  JS_SetOperationCallback (authority->priv->cx, NULL);
   val_str = JS_NewStringCopyZ (cx, "Terminating runaway script");
   val = STRING_TO_JSVAL (val_str);
   JS_SetPendingException (authority->priv->cx, val);
+  JS_SetOperationCallback (authority->priv->cx, js_operation_callback);
   return JS_FALSE;
 }
 

commit d7da6a23766e9c95fa333a0a9c742f7397c0ad22
Author: Miloslav Trmač <mitr@redhat.com>
Date:   Tue Jul 1 20:00:48 2014 +0200

    Fix spurious timeout exceptions on GC
    
    The JS “Operation callback” can be called by the runtime for other
    reasons, not only when we trigger it by a timeout—notably as part of GC.
    So, make sure to only raise an exception if there actually was a
    timeout.
    
    Adding a whole extra mutex to protect a single boolean is somewhat of an
    overkill, but better than worrying about “subtle bugs and occasionally
    undefined behaviour” the g_atomic_* API is warning about.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=69501
    also
    https://bugs.freedesktop.org/show_bug.cgi?id=77524

diff --git a/src/polkitbackend/polkitbackendjsauthority.c b/src/polkitbackend/polkitbackendjsauthority.c
index 8a0a097..097dcc5 100644
--- a/src/polkitbackend/polkitbackendjsauthority.c
+++ b/src/polkitbackend/polkitbackendjsauthority.c
@@ -80,6 +80,8 @@ struct _PolkitBackendJsAuthorityPrivate
   GMainContext *rkt_context;
   GMainLoop *rkt_loop;
   GSource *rkt_source;
+  GMutex rkt_timeout_pending_mutex;
+  gboolean rkt_timeout_pending;
 
   /* A list of JSObject instances */
   GList *scripts;
@@ -528,6 +530,7 @@ polkit_backend_js_authority_constructed (GObject *object)
 
   g_mutex_init (&authority->priv->rkt_init_mutex);
   g_cond_init (&authority->priv->rkt_init_cond);
+  g_mutex_init (&authority->priv->rkt_timeout_pending_mutex);
 
   authority->priv->runaway_killer_thread = g_thread_new ("runaway-killer-thread",
                                                          runaway_killer_thread_func,
@@ -563,6 +566,7 @@ polkit_backend_js_authority_finalize (GObject *object)
 
   g_mutex_clear (&authority->priv->rkt_init_mutex);
   g_cond_clear (&authority->priv->rkt_init_cond);
+  g_mutex_clear (&authority->priv->rkt_timeout_pending_mutex);
 
   /* shut down the killer thread */
   g_assert (authority->priv->rkt_loop != NULL);
@@ -957,6 +961,18 @@ js_operation_callback (JSContext *cx)
   JSString *val_str;
   jsval val;
 
+  /* This callback can be called by the runtime at any time without us causing
+   * it by JS_TriggerOperationCallback().
+   */
+  g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex);
+  if (!authority->priv->rkt_timeout_pending)
+    {
+      g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex);
+      return JS_TRUE;
+    }
+  authority->priv->rkt_timeout_pending = FALSE;
+  g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex);
+
   /* Log that we are terminating the script */
   polkit_backend_authority_log (POLKIT_BACKEND_AUTHORITY (authority), "Terminating runaway script");
 
@@ -974,6 +990,10 @@ rkt_on_timeout (gpointer user_data)
 {
   PolkitBackendJsAuthority *authority = POLKIT_BACKEND_JS_AUTHORITY (user_data);
 
+  g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex);
+  authority->priv->rkt_timeout_pending = TRUE;
+  g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex);
+
   /* Supposedly this is thread-safe... */
 #if JS_VERSION == 186
   JS_TriggerOperationCallback (authority->priv->rt);
@@ -993,6 +1013,9 @@ runaway_killer_setup (PolkitBackendJsAuthority *authority)
   g_assert (authority->priv->rkt_source == NULL);
 
   /* set-up timer for runaway scripts, will be executed in runaway_killer_thread */
+  g_mutex_lock (&authority->priv->rkt_timeout_pending_mutex);
+  authority->priv->rkt_timeout_pending = FALSE;
+  g_mutex_unlock (&authority->priv->rkt_timeout_pending_mutex);
   authority->priv->rkt_source = g_timeout_source_new_seconds (15);
   g_source_set_callback (authority->priv->rkt_source, rkt_on_timeout, authority, NULL);
   g_source_attach (authority->priv->rkt_source, authority->priv->rkt_context);