[Spice-devel] [PATCH 1/2] fix double release of a drawable. RHBZ #713474
Yonit Halperin
yhalperi at redhat.com
Wed Jun 15 07:34:21 PDT 2011
---
server/red_worker.c | 11 +++++++++++
1 files changed, 11 insertions(+), 0 deletions(-)
diff --git a/server/red_worker.c b/server/red_worker.c
index bee86b9..c7869ad 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -1559,6 +1559,10 @@ static void red_flush_source_surfaces(RedWorker *worker, Drawable *drawable)
static inline void current_remove_drawable(RedWorker *worker, Drawable *item)
{
+ if (!ring_item_is_linked(&item->tree_item.base.siblings_link)) {
+ return;
+ }
+
worker->drawable_count--;
if (item->tree_item.effect != QXL_EFFECT_OPAQUE) {
@@ -2707,22 +2711,29 @@ static inline int red_current_add_equal(RedWorker *worker, DrawItem *item, TreeI
int add_after = !!other_drawable->stream && is_drawable_independent_from_surfaces(drawable);
red_stream_maintenance(worker, drawable, other_drawable);
__current_add_drawable(worker, drawable, &other->siblings_link);
+ /* red_pipe_add_drawable might lead to red_current_flush (in
+ red_handle_drawable_surfaces_client_synced). Hence, other_drawable might
+ be released during this call */
+ other_drawable->refs++;
if (add_after) {
red_pipe_add_drawable_after(worker, drawable, other_drawable);
} else {
red_pipe_add_drawable(worker, drawable);
}
remove_drawable(worker, other_drawable);
+ release_drawable(worker, other_drawable);
return TRUE;
}
switch (item->effect) {
case QXL_EFFECT_REVERT_ON_DUP:
if (is_same_drawable(worker, drawable, other_drawable)) {
+ other_drawable->refs++;
if (!ring_item_is_linked(&other_drawable->pipe_item.link)) {
red_pipe_add_drawable(worker, drawable);
}
remove_drawable(worker, other_drawable);
+ release_drawable(worker, other_drawable);
return TRUE;
}
break;
--
1.7.4.4
More information about the Spice-devel
mailing list