[Spice-devel] [PATCH server] coverity: avoid double free (82258)
Frediano Ziglio
fziglio at redhat.com
Mon Apr 18 10:21:57 UTC 2016
>
> Assign qxl to NULL if red_replay_data_chunks_free (which also frees qxl)
> is being called
> ---
> server/red-replay-qxl.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/server/red-replay-qxl.c b/server/red-replay-qxl.c
> index 281bc7a..09e79b8 100644
> --- a/server/red-replay-qxl.c
> +++ b/server/red-replay-qxl.c
> @@ -450,6 +450,7 @@ static void red_replay_image_free(SpiceReplay *replay,
> QXLPHYSICAL p, uint32_t f
> break;
> case SPICE_IMAGE_TYPE_QUIC:
> red_replay_data_chunks_free(replay, qxl, 0);
> + qxl = NULL;
> break;
> default:
> spice_warn_if_reached();
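
Review bot: In the SPICE_IMAGE_TYPE_QUIC case, the added `qxl = NULL;` only prevents a second free if the code that runs after the switch, which this hunk does not show, accepts a NULL qxl, and nothing on the line says why the pointer is cleared. Add a short comment next to the assignment, for example `/* already freed by red_replay_data_chunks_free() */`, and check whether the case ending in the `break;` just above needs the same handling. The commit message says red_replay_data_chunks_free() also frees qxl; naming the later free that Coverity flagged would make the ownership explicit.
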
Was looking at the same issue a couple of days ago.
I think this is broken. Quic image looks freed differently.
I think the line
red_replay_data_chunks_free(replay, qxl, 0);
is just buggy.
Did you test it?
Frediano