[Spice-devel] [spice PATCH v1 1/2] char-device: set to NULL freed pointers on destroy
Victor Toso
victortoso at redhat.com
Fri Nov 13 02:11:12 PST 2015
As SpiceCharDeviceState is only unref on spice_char_device_state_destroy
the same device could be destroyed more then once so the pointers that
are freed should be set to NULL.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1281455
---
server/char_device.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/server/char_device.c b/server/char_device.c
index fe38385..ae7cb98 100644
--- a/server/char_device.c
+++ b/server/char_device.c
@@ -742,11 +742,13 @@ void spice_char_device_state_destroy(SpiceCharDeviceState *char_dev)
reds_on_char_device_state_destroy(char_dev);
if (char_dev->write_to_dev_timer) {
core->timer_remove(char_dev->write_to_dev_timer);
+ char_dev->write_to_dev_timer = NULL;
}
write_buffers_queue_free(&char_dev->write_queue);
write_buffers_queue_free(&char_dev->write_bufs_pool);
char_dev->cur_pool_size = 0;
spice_char_device_write_buffer_free(char_dev->cur_write_buf);
+ char_dev->cur_write_buf = NULL;
while (!ring_is_empty(&char_dev->clients)) {
RingItem *item = ring_get_tail(&char_dev->clients);
--
2.5.0
More information about the Spice-devel
mailing list