[Spice-devel] [PATCH spice-gtk] usbredir: prevent crash when calling without host

Christophe Fergeau cfergeau at redhat.com
Mon Dec 22 03:10:59 PST 2014


ACK.

Christophe

On Sat, Dec 20, 2014 at 01:09:24AM +0100, Marc-André Lureau wrote:
> Quite annoyingly, usbredir doesn't have argument preconditions on its
> public functions, and will weirdly run the flush callback during
> initialization.
> 
> With the 201a8c2 change, the channel state is kept as it is when calling
> reset. This will result in the following crash that was avoided before
> thanks to a precondition on the channel to be ready. Adding a further
> precondition check on priv->host != NULL solves the following crash
> during reset():
> 
> Program received signal SIGSEGV, Segmentation fault.
> usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
> 868         return usbredirparser_do_write(host->parser);
> (gdb) bt
> #0  0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
> #1  0x00007fffc81d463b in usbredir_write_flush_callback (user_data=0x2d95250) at channel-usbredir.c:469
> #2  0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70, usb_dev_handle=0x0, log_func=<optimized out>,
>     read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,
>     write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,
>     flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,
>     alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,
>     lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,
>     unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,
>     free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,
>     func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk 0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
> #3  0x00007fffc81d3b22 in spice_usbredir_channel_set_context (channel=0x2d95250 [SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
> #4  0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250 [SpiceUsbredirChannel], migrating=0) at channel-usbredir.c:125
> #5  0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250 [SpiceUsbredirChannel], migrating=0) at spice-channel.c:2688
> #6  0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250 [SpiceUsbredirChannel]) at spice-channel.c:2706
> #7  0x00007fffc81b7559 in spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490
> ---
>  gtk/channel-usbredir.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
> index 5238566..b1a91fb 100644
> --- a/gtk/channel-usbredir.c
> +++ b/gtk/channel-usbredir.c
> @@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
>              SPICE_CHANNEL_STATE_READY)
>          return;
>  
> +    if (!priv->host)
> +        return;
> +
>      usbredirhost_write_guest_data(priv->host);
>  }
>  
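Review bot: the new `if (!priv->host)` early return has no comment saying why host can be NULL at this point, and nothing else in the function explains it. The backtrace in the commit message shows the flush callback being run from inside usbredirhost_open_full() with host=0x0, so a one-line comment above the check (for example "usbredirhost_open_full() may flush before priv->host is set") would keep a later cleanup from dropping it. The check could also be placed next to the channel-state test just above, since both are silent preconditions for the same call.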
> -- 
> 2.1.0
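The failure mode described in the commit message, as an added example that is not part of the original patch or of the spice-gtk or usbredir sources: a library open function runs the caller's flush callback before it has returned the handle, so the callback must tolerate a NULL handle. All names (`host_open`, `channel_reset`, `channel_flush_cb`, the structs) are hypothetical stand-ins.

```c
/* Constructed model, not spice-gtk or usbredir code; names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct host { int writes_done; };
struct channel { struct host *host; int ready; int skipped; };

/* Stand-in for usbredirhost_write_guest_data(): dereferences host. */
static int host_write_guest_data(struct host *h) { return ++h->writes_done; }
/* Flush callback carrying both preconditions. */
static void channel_flush_cb(void *user_data)
{
    struct channel *ch = user_data;
    if (!ch->ready)
        return;
    if (!ch->host) {      /* open() still running: no handle yet */
        ch->skipped++;
        return;
    }
    host_write_guest_data(ch->host);
}

/* Stand-in for usbredirhost_open_full(): runs the caller's flush callback
 * during initialization, before the caller has received the handle. */
static struct host *host_open(void (*flush)(void *), void *user_data)
{
    struct host *h = calloc(1, sizeof(*h));
    if (h)
        flush(user_data);
    return h;
}

/* Reset path: channel state stays "ready" while the host is re-created. */
static int channel_reset(struct channel *ch)
{
    free(ch->host);
    ch->host = NULL;
    ch->host = host_open(channel_flush_cb, ch);
    return ch->host ? 0 : -1;
}

int main(void)
{
    struct channel ch = { NULL, 1, 0 };
    if (channel_reset(&ch) != 0)
        return 1;
    channel_flush_cb(&ch);    /* handle set: the write goes through */
    printf("skipped=%d writes=%d\n", ch.skipped, ch.host->writes_done);
    free(ch.host);
    return 0;
}
```

Without the `ch->host` check, the call made from inside `host_open()` would hand NULL to `host_write_guest_data()`, which is the shape of frame #0 in the backtrace.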