[Spice-devel] [PATCH] spice_timer_queue: fix access after free

Christophe Fergeau cfergeau at redhat.com
Thu Sep 3 02:22:01 PDT 2015


On Thu, Sep 03, 2015 at 05:09:31AM -0400, Frediano Ziglio wrote:
> 
> > 
> > Hey,
> > 
> > On Thu, Sep 03, 2015 at 09:21:04AM +0100, Frediano Ziglio wrote:
> > > Do not access the timer after we call the associated function.
> > > Some of these callbacks can free timer making the pointer pointing
> > > to freed data.
> > 
> > Some callbacks are calling
> > spice_timer_remove()/spice_timer_queue_destroy() which then frees
> > the SpiceTimer instance? Or is something more complicated happening?
> > 
> > Christophe
> > 
> 
> Yes, the callback calls spice_timer_remove.

Can you replace "can free timer" with "can call spice_timer_remove" in
the log? ACK with that changed.

Christophe
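
The hazard discussed in this thread (a timer callback that removes its own timer while the queue is still dispatching), shown as an added C sketch that is not SPICE code and not part of the original message. All names (`Timer`, `timer_add`, `timer_remove`, `timer_queue_run`, `self_removing_cb`) are hypothetical; the dispatch loop copies what it needs and makes its last access to the timer before invoking the callback.

```c
#include <stdlib.h>
/* Hypothetical miniature one-shot timer queue (names are not SPICE's). */
typedef void (*TimerFunc)(void *opaque);
typedef struct Timer {
    TimerFunc func;
    void *opaque;
    int active;
    struct Timer *next;
} Timer;
static Timer *queue_head;

Timer *timer_add(TimerFunc func, void *opaque) {
    Timer *t = calloc(1, sizeof(*t));
    if (!t) return NULL;
    t->func = func; t->opaque = opaque; t->active = 1;
    t->next = queue_head; queue_head = t;
    return t;
}

/* Unlinks and frees a timer; callbacks are allowed to call this. */
void timer_remove(Timer *t) {
    for (Timer **p = &queue_head; *p; p = &(*p)->next)
        if (*p == t) { *p = t->next; free(t); return; }
}

/* Fires each active timer once and returns how many callbacks ran. */
int timer_queue_run(void) {
    int fired = 0;
    for (;;) {
        Timer *t = queue_head;
        while (t && !t->active) t = t->next;
        if (!t) break;
        TimerFunc func = t->func;  /* copy what is needed before the call */
        void *opaque = t->opaque;
        t->active = 0;             /* last access to t is before the call */
        func(opaque);              /* may free t, or any other timer */
        fired++;                   /* t is never read again; rescan from head */
    }
    return fired;
}

/* Constructed callback that removes its own timer, as in the thread. */
typedef struct { Timer *self; int calls; } Ctx;
void self_removing_cb(void *opaque) {
    Ctx *c = opaque;
    c->calls++;
    timer_remove(c->self);
    c->self = NULL;
}
```

Rescanning from the head after every callback also covers a callback that removes a different timer, which a saved `next` pointer would not.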