[Spice-commits] server/dcc.c

Wed Sep 6 21:46:30 UTC 2017

server/dcc.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

New commits:
commit bfb66013488507ec86acc6e5dffee4a73f89079f
Author: Frediano Ziglio <fziglio at redhat.com>
Date:   Wed Aug 30 09:17:05 2017 +0100

    dcc: Fix NULL pointer dereference attempting to connect duplicate channels
    
    You could easily trigger this issue using multiple monitors and
    a modified spice-gtk client with this patch:
    
    --- a/src/channel-main.c
    +++ b/src/channel-main.c
    @@ -1699,6 +1699,7 @@ static gboolean _channel_new(channel_new_t *c)
     {
         g_return_val_if_fail(c != NULL, FALSE);
    
    +    if (c->type == SPICE_CHANNEL_DISPLAY) c->id = 0;
         spice_channel_new(c->session, c->type, c->id);
    
         g_object_unref(c->session);
    
    This as g_initable_new in this case returns NULL (dcc.c).
    
    Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
    Acked-by: Jonathon Jongsma <jjongsma at redhat.com>

diff --git a/server/dcc.c b/server/dcc.c
index ec8b6074..e2dba2ae 100644
--- a/server/dcc.c
+++ b/server/dcc.c
@@ -518,7 +518,9 @@ DisplayChannelClient *dcc_new(DisplayChannel *display,
                          NULL);
     spice_debug("New display (client %p) dcc %p stream %p", client, dcc, stream);
     common_graphics_channel_set_during_target_migrate(COMMON_GRAPHICS_CHANNEL(display), mig_target);
-    dcc->priv->id = common_graphics_channel_get_qxl(COMMON_GRAPHICS_CHANNEL(display))->id;
+    if (dcc) {
+        dcc->priv->id = common_graphics_channel_get_qxl(COMMON_GRAPHICS_CHANNEL(display))->id;
+    }
 
     return dcc;
 }
