[Spice-devel] [PATCH spice-server] reds: Do not abort due to wrong header
Pavel Grunt
pgrunt at redhat.com
Fri Nov 13 00:14:29 PST 2015
Just prevent the buggy client from connecting.
#0 0x00007fffe83b2a98 in raise () at /lib64/libc.so.6
#1 0x00007fffe83b469a in abort () at /lib64/libc.so.6
#2 0x00007ffff7b1533d in spice_logv (log_domain=0x7ffff7b87226 "Spice", log_level=SPICE_LOG_LEVEL_ERROR, strloc=0x7ffff7b92aba "reds.c:1373", function=0x7ffff7b94f40 <__FUNCTION__.31775> "reds_send_link_ack", format=0x7ffff7b871fe "assertion `%s' failed", args=args at entry=0x7fffffffcb68) at log.c:109
#3 0x00007ffff7b15468 in spice_log (log_domain=log_domain at entry=0x7ffff7b87226 "Spice", log_level=log_level at entry=SPICE_LOG_LEVEL_ERROR, strloc=strloc at entry=0x7ffff7b92aba "reds.c:1373", function=function at entry=0x7ffff7b94f40 <__FUNCTION__.31775> "reds_send_link_ack", format=format at entry=0x7ffff7b871fe "assertion `%s' failed") at log.c:123
#4 0x00007ffff7aee335 in reds_handle_read_link_done (link=0x555556b27c70)
at reds.c:1373
#5 0x00007ffff7aee335 in reds_handle_read_link_done (opaque=0x555556b27c70)
at reds.c:2139
#6 0x000055555588acc6 in qemu_iohandler_poll ()
#7 0x000055555588a8e1 in main_loop_wait ()
#8 0x0000555555614064 in main ()
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1281442
---
server/reds.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/server/reds.c b/server/reds.c
index 1f6774e..9bd28df 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1370,7 +1370,10 @@ static int reds_send_link_ack(RedLinkInfo *link)
channel = reds_find_channel(link->link_mess->channel_type,
link->link_mess->channel_id);
if (!channel) {
- spice_assert(link->link_mess->channel_type == SPICE_CHANNEL_MAIN);
+ if (link->link_mess->channel_type != SPICE_CHANNEL_MAIN) {
+ spice_warning("Received wrong header: channel_type != SPICE_CHANNEL_MAIN");
+ return FALSE;
+ }
spice_assert(reds->main_channel);
channel = &reds->main_channel->base;
}
--
2.5.0
More information about the Spice-devel
mailing list