[Spice-devel] [PATCH spice-gtk] usbredir: prevent crash when calling without host

Sat Dec 20 00:27:09 PST 2014

Il 20/12/2014 01:09, Marc-André Lureau ha scritto:
> Quite annoyingly, usbredir doesn't have public functions arguments
> preconditions, and will weirdly run the flush callback during
> initialization.
>
> With 201a8c2 change, the channel state is kept as it is when calling
> reset. This will result in the following crash that was avoided before
> thanks to a precondition on the channel to be ready. Adding a further
> precondition check on priv->host != NULL solves the following crash
> during reset():
>
> Program received signal SIGSEGV, Segmentation fault.
> usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
> 868                               return
> usbredirparser_do_write(host->parser);
> (gdb) bt
>  #0  0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at
>  #usbredirhost.c:868
>  #1  0x00007fffc81d463b in
>  #usbredir_write_flush_callback (user_data=0x2d95250) at
>  #channel-usbredir.c:469
>  #2  0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,
>  #usb_dev_handle=0x0, log_func=<optimized out>,
>  #read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,
>  #write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,
>  #flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,
>  #alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,
>  #lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,
>  #unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,
>  #free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,
>  #func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk
>  #0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
>  #3  0x00007fffc81d3b22 in
>  #spice_usbredir_channel_set_context (channel=0x2d95250
>  #[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
>  #4  0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250
>  #[SpiceUsbredirChannel], migrating=0)
>  at channel-usbredir.c:125
>  #5  0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250
>  [SpiceUsbredirChannel], migrating=0)
>  at spice-channel.c:2688
>  #6  0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250
>  [SpiceUsbredirChannel]) at spice-channel.c:2706
>  #7  0x00007fffc81b7559 in
>  spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490

Thanks for this fix, monday I'll test it.
Should it solves also this? http://pastebin.com/WasuR0WX More info here:
http://lists.freedesktop.org/archives/spice-devel/2014-December/018438.html
Or only this? http://pastebin.com/2uTXUY5h

Thanks for any reply.

> ---
>  gtk/channel-usbredir.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
> index 5238566..b1a91fb 100644
> --- a/gtk/channel-usbredir.c
> +++ b/gtk/channel-usbredir.c
> @@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
>              SPICE_CHANNEL_STATE_READY)
>          return;
>  
> +    if (!priv->host)
> +        return;
> +
>      usbredirhost_write_guest_data(priv->host);
>  }
>  

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4297 bytes
Desc: Firma crittografica S/MIME
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20141220/835cb656/attachment.bin>