[Spice-commits] server/reds.c

Frediano Ziglio fziglio at kemper.freedesktop.org
Tue May 31 15:27:51 UTC 2016


 server/reds.c |    5 +++++
 1 file changed, 5 insertions(+)

New commits:
commit 0c5eca97f16ec6a1364d4796e2c0ca2a92e4e27c
Author: Frediano Ziglio <fziglio at redhat.com>
Date:   Tue May 31 13:05:54 2016 +0100

    Handle flow control without crashing for agent
    
    RedCharDevice used for the agent has flow control enabled.
    This makes it possible for red_char_device_write_buffer_get to return NULL.
    Handle such a situation without crashing, avoiding a NULL dereference.
    
    This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416.
    
    Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
    Acked-by: Uri Lublin <uril at redhat.com>

diff --git a/server/reds.c b/server/reds.c
index 74deb58..827ba2a 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1120,6 +1120,11 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, MainChannelClient *mcc, siz
     dev->priv->recv_from_client_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev),
                                                                        client,
                                                                        size + sizeof(VDIChunkHeader));
+    /* check if buffer was allocated, as flow control is enabled for
+     * this device this is a normal condition */
+    if (!dev->priv->recv_from_client_buf) {
+        return NULL;
+    }
     dev->priv->recv_from_client_buf_pushed = FALSE;
     return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader);
 }
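Review bot: The new early `return NULL;` after `red_char_device_write_buffer_get()` makes NULL a normal return value of `reds_get_agent_data_buffer()`, but the diffstat shows only these 5 insertions in server/reds.c, so no caller is adjusted in this commit. Please confirm that every caller checks the returned pointer before writing agent data into it, otherwise the NULL dereference just moves one frame up, and add a line to the function's documentation stating that NULL means "no buffer available because of flow control" rather than an error. A smaller point on the same path: on the early return `dev->priv->recv_from_client_buf_pushed` keeps whatever value it had from the previous message, since the `= FALSE` assignment sits after the check. If anything reads that flag when `recv_from_client_buf` is NULL, move the assignment above the check or reset it in the NULL branch.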

