[Spice-commits] server/red-channel.c
Frediano Ziglio
fziglio at kemper.freedesktop.org
Tue Apr 12 15:28:45 UTC 2016
server/red-channel.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
New commits:
commit b3aebf913623ed4c8cb7eb03380c0f3f2b7c42d6
Author: Frediano Ziglio <fziglio at redhat.com>
Date: Tue Apr 12 16:28:07 2016 +0100
red-channel: make red_client_{ref,unref} thread safe
These function are called on both sides of dispatcher so the
increment/decrement of the counter is done in multiple threads.
This caused the counter to not get incremented correctly and
freed the structure too early, leaving a dangling pointer in
the other thread.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1253375.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
Acked-by: Christophe Fergeau <cfergeau at redhat.com>
Acked-by: Jonathon Jongsma <jjongsma at redhat.com>
diff --git a/server/red-channel.c b/server/red-channel.c
index d8f1d27..cfddea0 100644
--- a/server/red-channel.c
+++ b/server/red-channel.c
@@ -2064,13 +2064,13 @@ RedClient *red_client_new(RedsState *reds, int migrated)
RedClient *red_client_ref(RedClient *client)
{
spice_assert(client);
- client->refs++;
+ g_atomic_int_inc(&client->refs);
return client;
}
RedClient *red_client_unref(RedClient *client)
{
- if (!--client->refs) {
+ if (g_atomic_int_dec_and_test(&client->refs)) {
spice_debug("release client=%p", client);
pthread_mutex_destroy(&client->lock);
free(client);
More information about the Spice-commits
mailing list