From 5e3dab6cdc45187ffff3f6a52dca5ff393aa2a0f Mon Sep 17 00:00:00 2001
From: Blair Steven
Date: Mon, 19 Feb 2024 13:24:06 +1300
Subject: [PATCH] Take instance lock before destroying delayed work object

When the delayed work object is freed the call reference is removed from the registry index - this work requires the state to be locked.
---
 alfred.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/alfred.c b/alfred.c
index cb0bdc1..8f97d25 100644
--- a/alfred.c
+++ b/alfred.c
@@ -819,7 +819,9 @@ static void
 dw_destroy (gpointer arg1)
 {
 struct delayed_work_s *dw = (struct delayed_work_s *) arg1;
+ lua_apteryx_instance_lock (dw->instance);
 luaL_unref (dw->instance, LUA_REGISTRYINDEX, dw->call);
+ lua_apteryx_instance_unlock (dw->instance);
 dw->call = LUA_NOREF;
 g_free (dw->script);
 g_free (dw);
@@ -911,7 +913,13 @@ delayed_work_add (lua_State *ls, bool reset_timer)
 if (found && reset_timer)
 {
 delayed_work = g_list_remove (delayed_work, dw);
+ /* When destroying the old delayed work object we access the
+ * lua_State under the lock, so it must be released here.
+ */
+ lua_State *instance = dw->instance;
+ lua_apteryx_instance_unlock (instance);
 g_source_remove (dw->id);
+ lua_apteryx_instance_lock (instance);
 }
 }
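Review bot: dw_destroy now takes the instance lock itself, so every path that can trigger this destroy notify has to run with that lock released, and the patch only adjusts the one `g_source_remove` call in delayed_work_add. Any other site that removes the source or tears down the work list while holding the lock would block on itself if the lock is not recursive; those callers are outside this diff and should be checked. The locking contract is worth stating above the function, for example `/* Destroy notify: must be entered WITHOUT the instance lock held; takes it for luaL_unref. */`. It also relies on `dw->instance` still being a live lua_State when the notify runs, which cannot be confirmed from the lines shown.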
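Review bot: `dw->id` is read only after the instance lock has been dropped, so if the timer can fire on another thread in that window and its source is torn down there, `g_source_remove (dw->id)` would read a `dw` that dw_destroy has already freed. The patch already copies `dw->instance` into a local for the same lifetime reason; copying the id as well (`guint id = dw->id;` before the unlock, then `g_source_remove (id);`, assuming `id` holds the GLib source tag) closes that window. Releasing the lock mid-function also means anything computed from the lua_State before the unlock, such as stack contents or `found`, should be treated as possibly stale after the re-lock, and the comment could say so. delayed_work_add starts and ends outside this hunk, so whether later code depends on such state is not visible here.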