[Spice-commits] common/canvas_base.c
Christophe Fergau
teuf at kemper.freedesktop.org
Thu Jul 20 15:13:43 UTC 2017
common/canvas_base.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit a25ebbac56f86f12ef14b2a60609a14dc5109d7d
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Thu Jul 20 16:16:39 2017 +0200
canvas: Don't try to unref NULL pixman_image_t
pixman_image_unref() does not ignore NULL pointers, it tries to
dereference it which causes a crash. When trying to decode invalid QUIC
data, we could end up in a situation where 'surface' would still be
NULL when reaching the setjmp block.
Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
Acked-by: Frediano Ziglio <fziglio at redhat.com>
diff --git a/common/canvas_base.c b/common/canvas_base.c
index ed0de73..a9d7855 100644
--- a/common/canvas_base.c
+++ b/common/canvas_base.c
@@ -380,7 +380,9 @@ static pixman_image_t *canvas_get_quic(CanvasBase *canvas, SpiceImage *image,
int height;
if (setjmp(quic_data->jmp_env)) {
- pixman_image_unref(surface);
+ if (surface != NULL) {
+ pixman_image_unref(surface);
+ }
spice_warning("%s", quic_data->message_buf);
return NULL;
}
More information about the Spice-commits
mailing list