[Spice-devel] [PATCH spice 2/5] usbredir: Ensure that our msg_rcv_buf is not used re-entrantly
Hans de Goede
hdegoede at redhat.com
Thu Aug 25 03:19:54 PDT 2011
Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
server/usbredir.c | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/server/usbredir.c b/server/usbredir.c
index 8daab7d..11c4058 100644
--- a/server/usbredir.c
+++ b/server/usbredir.c
@@ -22,6 +22,8 @@
#include <config.h>
#endif
+#include <assert.h>
+
#include "server/char_device.h"
#include "server/red_channel.h"
#include "server/reds.h"
@@ -44,6 +46,7 @@ typedef struct UsbRedirState {
UsbRedirPipeItem *pipe_item;
uint8_t *rcv_buf;
uint32_t rcv_buf_size;
+ int rcv_buf_in_use;
} UsbRedirState;
typedef struct UsbRedirChannel {
@@ -140,18 +143,27 @@ static uint8_t *usbredir_red_channel_alloc_msg_rcv_buf(RedChannelClient *rcc,
state = SPICE_CONTAINEROF(rcc->channel, UsbRedirChannel, base)->state;
+ assert(!state->rcv_buf_in_use);
+
if (msg_header->size > state->rcv_buf_size) {
state->rcv_buf = spice_realloc(state->rcv_buf, msg_header->size);
state->rcv_buf_size = msg_header->size;
}
+ state->rcv_buf_in_use = 1;
+
return state->rcv_buf;
}
static void usbredir_red_channel_release_msg_rcv_buf(RedChannelClient *rcc,
SpiceDataHeader *msg_header, uint8_t *msg)
{
+ UsbRedirState *state;
+
+ state = SPICE_CONTAINEROF(rcc->channel, UsbRedirChannel, base)->state;
+
/* NOOP, we re-use the buffer every time and only free it on destruction */
+ state->rcv_buf_in_use = 0;
}
static void usbredir_red_channel_hold_pipe_item(RedChannelClient *rcc,
--
1.7.5.1
More information about the Spice-devel
mailing list