[Spice-commits] gtk/channel-usbredir.c

Marc-André Lureau elmarco at kemper.freedesktop.org
Mon Dec 22 04:12:48 PST 2014


 gtk/channel-usbredir.c |    3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 5b252b0f499601bcf387c02a4dd35d27ed34c07c
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date:   Sat Dec 20 01:03:09 2014 +0100

    usbredir: prevent crash when calling without host
    
    Quite annoyingly, usbredir doesn't check preconditions on the
    arguments of its public functions, and will weirdly run the flush
    callback during initialization.
    
    With 201a8c2 change, the channel state is kept as it is when calling
    reset. This will result in the following crash that was avoided before
    thanks to a precondition on the channel to be ready. Adding a further
    precondition check on priv->host != NULL solves the following crash
    during reset():
    
    Program received signal SIGSEGV, Segmentation fault.
    usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
    868                               return
    usbredirparser_do_write(host->parser);
    (gdb) bt
     #0  0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at
     #usbredirhost.c:868
     #1  0x00007fffc81d463b in
     #usbredir_write_flush_callback (user_data=0x2d95250) at
     #channel-usbredir.c:469
     #2  0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,
     #usb_dev_handle=0x0, log_func=<optimized out>,
     #read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,
     #write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,
     #flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,
     #alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,
     #lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,
     #unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,
     #free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,
     #func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk
     #0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
     #3  0x00007fffc81d3b22 in
     #spice_usbredir_channel_set_context (channel=0x2d95250
     #[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
     #4  0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250
     #[SpiceUsbredirChannel], migrating=0)
     at channel-usbredir.c:125
     #5  0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250
     [SpiceUsbredirChannel], migrating=0)
     at spice-channel.c:2688
     #6  0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250
     [SpiceUsbredirChannel]) at spice-channel.c:2706
     #7  0x00007fffc81b7559 in
     spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490

diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
index 5238566..b1a91fb 100644
--- a/gtk/channel-usbredir.c
+++ b/gtk/channel-usbredir.c
@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
             SPICE_CHANNEL_STATE_READY)
         return;
 
+    if (!priv->host)
+        return;
+
     usbredirhost_write_guest_data(priv->host);
 }
 
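Review bot: The new `if (!priv->host)` guard has no comment saying why host can be NULL at this point, and the reason is not obvious from the function itself: per the backtrace in the commit message, usbredirhost_open_full() invokes the flush callback before its return value has been stored in priv->host. I would add `/* usbredirhost_open_full() may call us before priv->host is set */` directly above the check so the guard is not removed later as dead code. Returning early also drops that flush silently, so it is worth confirming that nothing queued during open depends on it; presumably a later flush happens once the channel is ready, but that is not visible in this hunk. The start of usbredir_write_flush_callback and the condition of the preceding state check lie outside the hunk.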

