[Spice-commits] src/giopipe.c

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Wed Jun 19 06:55:21 UTC 2019


 src/giopipe.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

New commits:
commit 6a14f9ce22b5500547965eaf799be3e69d4aa2d1
Author: Jakub Janků <jjanku at redhat.com>
Date:   Mon Jun 17 22:46:26 2019 +0200

    gio-pipe: fix NULL pointer dereferencing
    
    In pipe_output_stream_is_writable, if the peer is already gone,
    peer_closed is set to TRUE and in this case, peer->read should not be accessed
    as peer is NULL.
    
    Otherwise, the following sequence of calls (simplified) would trigger a segfault:
    
        spice_make_pipe(p1, p2);
        g_output_stream_write_all_async(p1_out);
        g_clear_object(p2);
        g_pollable_output_stream_is_writable(p1_out);
    
    Signed-off-by: Jakub Janků <jjanku at redhat.com>
    Acked-by: Frediano Ziglio <fziglio at redhat.com>

diff --git a/src/giopipe.c b/src/giopipe.c
index de1adae..fcec844 100644
--- a/src/giopipe.c
+++ b/src/giopipe.c
@@ -420,7 +420,7 @@ pipe_output_stream_is_writable (GPollableOutputStream *stream)
     PipeOutputStream *self = PIPE_OUTPUT_STREAM(stream);
     gboolean writable;
 
-    writable = self->buffer == NULL || self->peer->read >= 0 || self->peer_closed;
+    writable = self->buffer == NULL || self->peer_closed || self->peer->read >= 0;
     //g_debug("writable %p %d", self, writable);
 
     return writable;
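Review bot: on the new `writable = ...` line, the safety of `self->peer->read` rests only on operand order and on `peer_closed` being TRUE whenever `peer` is NULL, and neither assumption is stated in the code. A short comment above the expression saying that `peer_closed` must be tested before `peer` is dereferenced would help. Alternatively, guard the dereference by testing `self->peer` for NULL directly, so that a later reordering of the `||` operands cannot bring the crash back. The diffstat shows only src/giopipe.c changing, so the four-call sequence from the commit message is not captured as a regression test; adding it would be worthwhile.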

