[Spice-commits] common/canvas_base.c

Christophe Fergau teuf at kemper.freedesktop.org
Thu Jul 20 15:13:43 UTC 2017

 common/canvas_base.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

New commits:
commit a25ebbac56f86f12ef14b2a60609a14dc5109d7d
Author: Christophe Fergeau <cfergeau at redhat.com>
Date:   Thu Jul 20 16:16:39 2017 +0200

    canvas: Don't try to unref NULL pixman_image_t
    pixman_image_unref() does not ignore NULL pointers, it tries to
    dereference it which causes a crash. When trying to decode invalid QUIC
    data, we could end up in a situation where 'surface' would still be
    NULL when reaching the setjmp block.
    Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
    Acked-by: Frediano Ziglio <fziglio at redhat.com>

diff --git a/common/canvas_base.c b/common/canvas_base.c
index ed0de73..a9d7855 100644
--- a/common/canvas_base.c
+++ b/common/canvas_base.c
@@ -380,7 +380,9 @@ static pixman_image_t *canvas_get_quic(CanvasBase *canvas, SpiceImage *image,
     int height;
     if (setjmp(quic_data->jmp_env)) {
-        pixman_image_unref(surface);
+        if (surface != NULL) {
+            pixman_image_unref(surface);
+        }
         spice_warning("%s", quic_data->message_buf);
         return NULL;

More information about the Spice-commits mailing list