[Spice-devel] [PATCH 2/9] server/red_worker: red_draw_qxl_drawable: protect from NULL dereference in case of buggy driver (or recording)

[Frediano Ziglio]

> 
> From: Alon Levy <alon at pobox.com>
> 
> ---
>  server/red_worker.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/server/red_worker.c b/server/red_worker.c
> index ef529f1..225c272 100644
> --- a/server/red_worker.c
> +++ b/server/red_worker.c
> @@ -4203,6 +4203,11 @@ static void red_draw_qxl_drawable(RedWorker *worker,
> Drawable *drawable)
>  
>      image_cache_aging(&worker->image_cache);
>  
> +    if (!canvas) {
> +        spice_warning("ignoring drawable to destroyed surface %d\n",
> drawable->surface_id);
> +        return;
> +    }
> +
>      region_add(&surface->draw_dirty_region, &drawable->red_drawable->bbox);
>  
>      switch (drawable->red_drawable->type) {

This is quite odd... when a surface is freed all drawables referring to that
surface are freed. So if this happens it means that the memory status is not
correct. I would replace perhaps with an assert instead.

Alon, this this condition happened ?

Frediano