Rest method produces error when called asynchronous

As of now, the rewrite of Cawbird (a GTK Twitter client) can authenticate at the API-Servers from Twitter using both OAuth 1.0a and 2.0.

The former requires us to fetch an token for the client before building the url to send the user for authentication to, which is where an asynchronous method is practical.
The latter however only builds the url locally and therefore don’t need an asynchronous method.

Now, due to how I designed the backend, the implementation to build these authentication url is done in an asynchronous method (as I have a base class defining the methods for the frontend that are implemented in sub-classes).

However, I found out today that running Rest.OAuth2Proxy.build_authentication_url in an asynchronous method leads to an error.

When I also set the OAuth state variable to be saved, the program will crash when finalizing the class and freeing the stored state variable.

See the following code:

class TestClass : Object {
  private Rest.OAuth2Proxy proxy;
  private string? state = null;

  public TestClass () {
    proxy = new Rest.OAuth2Proxy ("example://authorize",

  public async string build_url () {
    var auth_challenge = new Rest.PkceCodeChallenge.random ();
    return proxy.build_authorization_url (auth_challenge.get_challenge (),
                                          out state);

void main () {
  var test = new TestClass ();
  var loop = new MainLoop ();
  test.build_url.begin ((obj, res) => {
    string url = test.build_url.end (res);
    print (@"Look at this url: $(url)\n");

When it is run as is, it should result in an crash with one of the following messages:

  • free(): invalid pointer
  • double free or corruption (out)
  • free(): invalid size

When making build_url a synchronous method it will work without an problem though.

Now, my question is if running this method asynchronously should just not be done (and is therefore my problem), or if this is an bug from either librest or valac that should be resolved.

Can you check if the crash occures in auth_challenge.get_challenge () or proxy.build_authorization_url ().

Also I cannot find Rest.PkceCodeChallenge on, but it is in the librest c api docs. So are you using a git version of librest?

Seems like a problem with the out state parameter. If i pass null into build_authorization_url it works.
I initialize the memory for the state via g_slice_alloc0 and it seems that this needs to be free’d with g_slice_free1 which doesn’t happen in vala but instead it gets free’d with g_free. After changing the allocation mechanism with g_malloc0 everything seems fine. I will MR this in the evening when i have more time. Thanks for test driving the Oauth2 provider!

Thanks for looking into this!

I pushed it. This should solve your problem (sry for the late fix)

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.