[Spice-devel] [PATCH spice-gtk] usbredir: prevent crash when calling without host

Marc-André Lureau marcandre.lureau at redhat.com
Fri Dec 19 16:09:24 PST 2014


Quite annoyingly, usbredir doesn't have public function argument
preconditions, and will weirdly run the flush callback during
initialization.

With the 201a8c2 change, the channel state is kept as it is when calling
reset. This will result in the following crash that was avoided before
thanks to a precondition on the channel to be ready. Adding a further
precondition check on priv->host != NULL solves the following crash
during reset():

Program received signal SIGSEGV, Segmentation fault.
usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
868         return usbredirparser_do_write(host->parser);
(gdb) bt
 #0  0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
 #1  0x00007fffc81d463b in usbredir_write_flush_callback (user_data=0x2d95250) at channel-usbredir.c:469
 #2  0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70, usb_dev_handle=0x0, log_func=<optimized out>, read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>, write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>, flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>, alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>, lock_func=0x7fffc81d4a41 <usbredir_lock_lock>, unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>, free_lock_func=0x7fffc81d4acb <usbredir_free_lock>, func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk 0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
 #3  0x00007fffc81d3b22 in spice_usbredir_channel_set_context (channel=0x2d95250 [SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
 #4  0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250 [SpiceUsbredirChannel], migrating=0) at channel-usbredir.c:125
 #5  0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250 [SpiceUsbredirChannel], migrating=0) at spice-channel.c:2688
 #6  0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250 [SpiceUsbredirChannel]) at spice-channel.c:2706
 #7  0x00007fffc81b7559 in spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490
---
 gtk/channel-usbredir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
index 5238566..b1a91fb 100644
--- a/gtk/channel-usbredir.c
+++ b/gtk/channel-usbredir.c
@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
             SPICE_CHANNEL_STATE_READY)
         return;
 
+    if (!priv->host)
+        return;
+
     usbredirhost_write_guest_data(priv->host);
 }
 
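Review bot: The new `if (!priv->host) return;` in usbredir_write_flush_callback() has no comment saying when host can be NULL, and the reason is not obvious from the code alone: per the backtrace, usbredirhost_open_full() invokes the flush callback before it has returned, so priv->host is not yet assigned at that point. Please add a one-line comment above the check stating this, so the guard is not later removed as dead code. Because a flush requested during open is now silently dropped, it is also worth confirming that anything queued at that point still gets written once priv->host is set.
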
-- 
2.1.0
