[Spice-commits] Branch '0.12' - 3 commits - NEWS server/red_worker.c

Christophe Fergau teuf at kemper.freedesktop.org
Wed Jul 13 13:57:31 UTC 2016


 NEWS                |    4 ++++
 server/red_worker.c |   12 ++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)

New commits:
commit 4d67c41aa77b535116357023c96499949f7bfc56
Author: Frediano Ziglio <fziglio at redhat.com>
Date:   Wed Nov 4 15:07:28 2015 +0000

    worker: don't process drawable if it can't be allocated
    
    Acked-by: Fabiano Fidêncio <fidencio at redhat.com>
    (cherry picked from commit 63b8ea5afba5c6eb1b9825b06f2006930c318aed)

diff --git a/server/red_worker.c b/server/red_worker.c
index 23cd1c9..bf0a149 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -4038,14 +4038,14 @@ static inline int red_handle_self_bitmap(RedWorker *worker, Drawable *drawable)
     return TRUE;
 }
 
-static void free_one_drawable(RedWorker *worker, int force_glz_free)
+static bool free_one_drawable(RedWorker *worker, int force_glz_free)
 {
     RingItem *ring_item = ring_get_tail(&worker->current_list);
     Drawable *drawable;
     Container *container;
 
     if (!ring_item) {
-        return;
+        return FALSE;
     }
     drawable = SPICE_CONTAINEROF(ring_item, Drawable, list_link);
     if (force_glz_free) {
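Review bot: The new return value of free_one_drawable is undocumented, and it mixes the C99 `bool` type with the `TRUE`/`FALSE` macros while red_handle_self_bitmap just above returns `int` with `TRUE`. Either keep `int` to match the neighbouring code or use `true`/`false` with `bool`, and state the contract above the definition, for example `/* Frees the drawable at the tail of current_list; returns FALSE when the list is empty and nothing was freed. */`. The caller in get_drawable now relies on that FALSE to stop retrying, so the meaning should be written down where the function is defined. The function body continues outside this hunk.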
@@ -4060,6 +4060,8 @@ static void free_one_drawable(RedWorker *worker, int force_glz_free)
 
     current_remove_drawable(worker, drawable);
     container_cleanup(worker, container);
+
+    return TRUE;
 }
 
 static Drawable *get_drawable(RedWorker *worker, uint8_t effect, RedDrawable *red_drawable,
@@ -4081,7 +4083,8 @@ static Drawable *get_drawable(RedWorker *worker, uint8_t effect, RedDrawable *re
     }
 
     while (!(drawable = alloc_drawable(worker))) {
-        free_one_drawable(worker, FALSE);
+        if (!free_one_drawable(worker, FALSE))
+            return NULL;
     }
     worker->drawable_count++;
     memset(drawable, 0, sizeof(Drawable));
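Review bot: The added `return NULL;` is unbraced, unlike the braced single-statement `if` this same commit touches in free_one_drawable, and nothing at the loop says why giving up is correct. I would write `if (!free_one_drawable(worker, FALSE)) {`, then `return NULL; /* current_list is empty: nothing left to evict, fail rather than spin */`, then `}`. Allocation failure now surfaces as a NULL return from get_drawable, so every caller has to check for it; red_process_drawable does, but other callers are not visible on this page. get_drawable starts and ends outside the hunk.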
@@ -4191,7 +4194,6 @@ static inline void red_process_drawable(RedWorker *worker, RedDrawable *red_draw
     Drawable *drawable = get_drawable(worker, red_drawable->effect, red_drawable, group_id);
 
     if (!drawable) {
-        rendering_incorrect("failed to get_drawable");
         return;
     }
 
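Review bot: With `rendering_incorrect("failed to get_drawable")` removed, this early return discards the drawable without leaving any trace. After this commit it is also reached when no drawable can be allocated and current_list has nothing left to free. That condition means guest output is being dropped under resource pressure, which is worth being able to see when diagnosing a stuck or misbehaving session. If the message was removed to avoid flooding the log, a once-only warning or a counter on the worker would keep the signal. At minimum a comment such as `/* get_drawable() can fail when no drawable can be allocated; the command is dropped */` should record the intent. red_process_drawable continues outside the hunk.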
commit e0364a918f2171cfcba0a66e7b32731be8cdd11e
Author: Marc-André Lureau <marcandre.lureau at gmail.com>
Date:   Thu Sep 12 15:30:58 2013 +0200

    worker: remove assertion on alloc_drawable
    
    There is no guarantee in the code that this can't be hit, so we should
    cope with it (the condition can be reached easily by running the server
    without waiting for blocked clients or pipe size)
    
    The following commit will attempt to address this.
    
    Acked-by: Frediano Ziglio <fziglio at redhat.com>
    Acked-by: Christophe Fergeau <cfergeau at redhat.com>
    (cherry picked from commit 5c7e248445f95c3fa2627532780950cf604b9e20)

diff --git a/server/red_worker.c b/server/red_worker.c
index 9e776b9..23cd1c9 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -4044,7 +4044,9 @@ static void free_one_drawable(RedWorker *worker, int force_glz_free)
     Drawable *drawable;
     Container *container;
 
-    spice_assert(ring_item);
+    if (!ring_item) {
+        return;
+    }
     drawable = SPICE_CONTAINEROF(ring_item, Drawable, list_link);
     if (force_glz_free) {
         RingItem *glz_item, *next_item;
commit e6f3df6a475ffdefa0f4660cc6cad3289bbefaad
Author: Christophe Fergeau <cfergeau at redhat.com>
Date:   Fri Jul 8 17:27:26 2016 +0200

    Update NEWS for 0.12.8 release

diff --git a/NEWS b/NEWS
index f00d445..608f1c5 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Changes in 0.12.8:
+==================
+* Fixes for CVE-2016-0749 and CVE-2016-2150
+
 Changes in 0.12.7:
 ==================
 * spice-server will now send TCP keepalive probes on the TCP connections it

