[Spice-devel] [PATCH spice-gtk 1/4] channel-main: Fix dangling references to freed file-xfer-tasks on agent cancel

Hans de Goede hdegoede at redhat.com
Sun Mar 3 08:52:02 PST 2013 

While testing the agent error handling code I was triggering the
agent-file-xfer-cancel code-path in sice-gtk. This crashes due to the
flushing queue still having a reference to the task in question when its
gets cancelled from the agent side. This fixes this.

Signed-off-by: Hans de Goede <hdegoede at redhat.com>
---
 gtk/channel-main.c | 17 +++++++++++++++++
 spice-common       |  2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/gtk/channel-main.c b/gtk/channel-main.c
index 40d27cc..531b1e8 100644
--- a/gtk/channel-main.c
+++ b/gtk/channel-main.c
@@ -1516,17 +1516,31 @@ static void file_xfer_task_free(SpiceFileXferTask *task)
 }
 
 /* main context */
+static void file_xfer_remove_flush(gpointer data, gpointer user_data)
+{
+    GAsyncResult *res = G_ASYNC_RESULT(data);
+    SpiceFileXferTask *task = user_data;
+    SpiceMainChannelPrivate *c = task->channel->priv;
+
+    if (g_async_result_get_user_data(res) == task) {
+        c->flushing = g_slist_remove(c->flushing, res);
+        g_object_unref(res);
+    }
+}
+
 static void file_xfer_close_cb(GObject      *object,
                                GAsyncResult *close_res,
                                gpointer      user_data)
 {
     GSimpleAsyncResult *res;
     SpiceFileXferTask *task;
+    SpiceMainChannelPrivate *c;
     GInputStream *stream = G_INPUT_STREAM(object);
     GError *error = NULL;
 
     stream = G_INPUT_STREAM(object);
     task = user_data;
+    c = task->channel->priv;
 
     g_input_stream_close_finish(stream, close_res, &error);
     if (error) {
@@ -1550,6 +1564,9 @@ static void file_xfer_close_cb(GObject      *object,
     g_simple_async_result_complete_in_idle(res);
     g_object_unref(res);
 
+    /* On agent cancel there may be pending flushes referencing this task */
+    g_slist_foreach(c->flushing, file_xfer_remove_flush, task);
+
     file_xfer_task_free(task);
 }
 
diff --git a/spice-common b/spice-common
index 149bb89..df09927 160000
--- a/spice-common
+++ b/spice-common
@@ -1 +1 @@
-Subproject commit 149bb89adb0d7676c41085b3e41f07113e05c880
+Subproject commit df09927c3bb921f51a3a1f6ca09063bf44f1ee5b
-- 
1.8.1.2

More information about the Spice-devel mailing list