[Spice-devel] [PATCH spice-gtk 01/10] spice-channel: Fix a possible race triggered by spice_channel_iterate_write
Hans de Goede
hdegoede at redhat.com
Fri Aug 12 07:50:28 PDT 2011
Fix a race between spice_channel_buffered_write and
spice_channel_iterate_write.
Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
gtk/spice-channel.c | 17 +++++++++++++++--
1 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 8834143..f367b4d 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -1750,9 +1750,22 @@ static void spice_channel_iterate_write(SpiceChannel *channel)
{
SpiceChannelPrivate *c = channel->priv;
- if (c->xmit_buffer_size) {
- spice_channel_write(channel, c->xmit_buffer, c->xmit_buffer_size);
+ if (c->xmit_buffer) {
+ /*
+ * Take ownership of the buffer, so that if spice_channel_write calls
+ * g_io_wait and thus yields to the main context, and that then calls
+ * spice_channel_buffered_write it does not mess with the buffer
+ * being written out.
+ */
+ guint8 *buffer = c->xmit_buffer;
+ int size = c->xmit_buffer_size;
+
+ c->xmit_buffer = NULL;
c->xmit_buffer_size = 0;
+ c->xmit_buffer_capacity = 0;
+
+ spice_channel_write(channel, buffer, size);
+ g_free(buffer);
}
}
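Review bot: The guard in the new `if (c->xmit_buffer)` block tests the pointer where the old code tested `c->xmit_buffer_size`, so a non-NULL buffer holding zero bytes would now reach `spice_channel_write(channel, buffer, size)` with a size of 0. Consider keeping the size in the condition, for example `if (c->xmit_buffer && c->xmit_buffer_size)`, or confirming that a zero-length write is harmless. Also, `int size` should match the declared type of `c->xmit_buffer_size`, which is not visible in this hunk, to avoid a narrowing or sign conversion. Since the added comment says `spice_channel_write` can yield to the main context, it would help to state in the commit message whether `spice_channel_iterate_write` itself can be re-entered during that yield, because a second pass would then start writing the newly queued buffer before the first write has finished. Finally, freeing the buffer and resetting `c->xmit_buffer_capacity` on every pass gives up the reuse of the allocation; a short note on that trade-off in the comment would help later readers.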
--
1.7.5.1