[Spice-devel] [PATCH] prevent free setting same cursor in worker in red_set_cursor

Christophe Fergeau cfergeau at redhat.com
Wed Aug 26 07:16:26 PDT 2015


On Wed, Aug 26, 2015 at 10:01:12AM -0400, Frediano Ziglio wrote:
> > 
> > On Fri, Aug 21, 2015 at 10:26:40AM +0100, Frediano Ziglio wrote:
> > > Currently callers don't call red_set_cursor with cursor in worker->cursor
> > > but in theory it is possible.
> > > Doing so could cause the cursor to be freed and then reused as initially
> > > the reference counter is 1 so object is freed but then attempted to
> > > be used again.
> > 
> > I would say if the caller is doing that, then it should own a reference
> > to the cursor and not rely on the reference owned by 'something else'
> > (in this case RedWorker) to keep the object alive while it's being set.
> > 
> > Christophe
> > 
> 
> IMHO better safe than sorry anyway. In other reference counter usage I saw this
> problem. At the end the change costs nothing.

In a way, yes, but I still think that code trying to do that should have
its own reference (and worker->cursor should be private to control what
code can access it, and the getter API give a new ref to callers to
avoid this problem). I already know that any code I'm going to write is
always going to free the existing member, and then duplicate the arg,
so we could change it here. Is this the only place in the whole code
base where this can happen?

Christophe
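
The self-assignment hazard this thread discusses, as an added example that is not part of the original messages or of SPICE's code: a refcounted setter that releases the old member before taking the argument, next to an acquire-first ordering and the caller-owns-a-reference approach. The types and function names are hypothetical, and "free" is modelled as a flag so the outcome can be observed without touching freed memory.

```c
/* Hypothetical stand-in for a refcounted cursor item; not SPICE's types. */
typedef struct Cursor {
    int refs;
    int destroyed;   /* set instead of calling free() so the result is observable */
} Cursor;

typedef struct Worker { Cursor *cursor; } Worker;

static Cursor *cursor_ref(Cursor *c) { c->refs++; return c; }

static void cursor_unref(Cursor *c)
{
    if (c && --c->refs == 0)
        c->destroyed = 1;          /* real code would free(c) here */
}

/* Order discussed in the thread: release the old member, then take the argument. */
static void set_cursor_release_first(Worker *w, Cursor *c)
{
    cursor_unref(w->cursor);       /* if c == w->cursor and refs == 1, c dies here */
    w->cursor = cursor_ref(c);     /* ...and is then referenced again */
}

/* Self-assignment-safe order: take the new reference before dropping the old. */
static void set_cursor_acquire_first(Worker *w, Cursor *c)
{
    Cursor *old = w->cursor;
    w->cursor = cursor_ref(c);
    cursor_unref(old);
}

/* Returns 1 if setting the worker's own cursor leaves a destroyed object installed. */
static int self_set_leaves_dangling(void (*setter)(Worker *, Cursor *))
{
    Cursor c = { 1, 0 };           /* the only reference is the worker's */
    Worker w = { &c };
    setter(&w, w.cursor);
    return w.cursor->destroyed;
}

/* Alternative from the reply: the caller holds its own reference across the call. */
static int self_set_with_caller_ref(void)
{
    Cursor c = { 1, 0 };
    Worker w = { &c };
    Cursor *mine = cursor_ref(w.cursor);   /* what a ref-returning getter would give */
    set_cursor_release_first(&w, mine);
    cursor_unref(mine);
    return w.cursor->destroyed;
}
```

Either defence keeps the count above zero during the swap; the acquire-first setter protects every caller, while the caller-reference approach depends on each call site following the convention.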