[Spice-devel] [PATCH] snd channel: fix accessing freed memory
Yonit Halperin
yhalperi at redhat.com
Thu Oct 11 11:26:50 PDT 2012
snd_channel_put freed "channel", and then channel->worker was accessed.
It caused segmentation faults during connections and disconnections of the client.
---
server/snd_worker.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/snd_worker.c b/server/snd_worker.c
index a12397e..bc7be51 100644
--- a/server/snd_worker.c
+++ b/server/snd_worker.c
@@ -214,9 +214,9 @@ static void snd_disconnect_channel(SndChannel *channel)
return;
}
spice_debug("%p", channel);
+ worker = channel->worker;
if (channel->stream) {
channel->cleanup(channel);
- worker = channel->worker;
red_channel_client_disconnect(worker->connection->channel_client);
core->watch_remove(channel->stream->watch);
channel->stream->watch = NULL;
@@ -225,7 +225,7 @@ static void snd_disconnect_channel(SndChannel *channel)
spice_marshaller_destroy(channel->send_data.marshaller);
}
snd_channel_put(channel);
- channel->worker->connection = NULL;
+ worker->connection = NULL;
}
static void snd_playback_free_frame(PlaybackChannel *playback_channel, AudioFrame *frame)
--
1.7.7.6
More information about the Spice-devel
mailing list