[Spice-devel] [PATCH] spice_timer_queue: fix access after free
Frediano Ziglio
fziglio at redhat.com
Thu Sep 3 02:09:31 PDT 2015
>
> Hey,
>
> On Thu, Sep 03, 2015 at 09:21:04AM +0100, Frediano Ziglio wrote:
> > Do not access to timer after we call the associated function.
> > Some of these callbacks can free timer making the pointer pointing
> > to freed data.
>
> Some callbacks are calling
> spice_timer_remove()/spice_timer_queue_destroy() which then frees
> the SpiceTimer instance? Or is something more complicated happening?
>
> Christophe
>
Yes, the callback calls spice_timer_remove.
Nobody is calling spice_timer_queue_destroy.
Frediano
More information about the Spice-devel
mailing list