[Spice-devel] [PATCH 2/9] server/red_worker: red_draw_qxl_drawable: protect from NULL dereference in case of buggy driver (or recording)
Fabiano FidĂȘncio
fabiano at fidencio.org
Wed Oct 21 12:52:44 PDT 2015
On Wed, Oct 21, 2015 at 2:15 PM, Frediano Ziglio <fziglio at redhat.com> wrote:
>
>>
>> From: Alon Levy <alon at pobox.com>
>>
>> ---
>> server/red_worker.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/server/red_worker.c b/server/red_worker.c
>> index ef529f1..225c272 100644
>> --- a/server/red_worker.c
>> +++ b/server/red_worker.c
>> @@ -4203,6 +4203,11 @@ static void red_draw_qxl_drawable(RedWorker *worker,
>> Drawable *drawable)
>>
>> image_cache_aging(&worker->image_cache);
>>
>> + if (!canvas) {
>> + spice_warning("ignoring drawable to destroyed surface %d\n",
>> drawable->surface_id);
>> + return;
>> + }
>> +
>> region_add(&surface->draw_dirty_region, &drawable->red_drawable->bbox);
>>
>> switch (drawable->red_drawable->type) {
>
> This is quite odd... when a surface is freed all drawables referring to that
> surface are freed. So if this happens it means that the memory status is not
> correct. I would replace perhaps with an assert instead.
Thinking about the future "me" looking at this code and probably
bisecting to this commit I would keep it as a spice_warning().
--
Fabiano FidĂȘncio
More information about the Spice-devel
mailing list