[Spice-devel] [spice-gtk v2 1/2] channel-usbredir: Fix crash on channel-up
Christophe Fergeau
cfergeau at redhat.com
Thu Dec 1 12:29:50 UTC 2016
On Wed, Nov 30, 2016 at 06:36:32PM +0100, Victor Toso wrote:
> From: Victor Toso <me at victortoso.com>
>
> SpiceSession does not initialize its SpiceUsbDeviceManager object on
> startup that could lead to a race condition where channel-usbredir is
> requested to flush data while it is uninitialized.
>
> In a few places, spice_usb_device_manager_get() is called as in
> usb-device-widget.c and spice-gtk-session.c but not used in
> spicy-stats, making the tool to crash on startup.
Just running spicy-stats when there is a usbredir channel is going to
cause a crash? Isn't this avoided by your next patch as well which makes
sure host is not NULL before trying to flush?
Christophe
>
> #0 in usbredirhost_write_guest_data (host=0x0) at usbredir/usbredirhost/usbredirhost.c:876
> #1 in spice_usbredir_channel_up (c=0x643830) at channel-usbredir.c:821
> #2 in spice_channel_up (channel=0x643830) at spice-channel.c:1238
> #3 in spice_channel_recv_auth (channel=0x643830) at spice-channel.c:1225
> #4 in spice_channel_coroutine (data=0x643830) at spice-channel.c:2580
> #5 in coroutine_trampoline (cc=0x642ec0) at coroutine_ucontext.c:63
> #6 in continuation_trampoline (i0=6565568, i1=0) at continuation.c:55
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1399838
>
> Signed-off-by: Victor Toso <victortoso at redhat.com>
> Reported-by: Michael Cullen <michael at cullen-online.com>
> ---
> src/spice-session.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/src/spice-session.c b/src/spice-session.c
> index f900bd1..91e4f97 100644
> --- a/src/spice-session.c
> +++ b/src/spice-session.c
> @@ -281,6 +281,7 @@ static void spice_session_init(SpiceSession *session)
> {
> SpiceSessionPrivate *s;
> gchar *channels;
> + GError *err = NULL;
>
> SPICE_DEBUG("New session (compiled from package " PACKAGE_STRING ")");
> s = session->priv = SPICE_SESSION_GET_PRIVATE(session);
> @@ -293,6 +294,12 @@ static void spice_session_init(SpiceSession *session)
> s->images = cache_image_new((GDestroyNotify)pixman_image_unref);
> s->glz_window = glz_decoder_window_new();
> update_proxy(session, NULL);
> +
> + spice_usb_device_manager_get(session, &err);
> + if (err != NULL) {
> + SPICE_DEBUG("Could not initialize SpiceUsbDeviceManager - %s", err->message);
> + g_clear_error(&err);
> + }
> }
>
> static void
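Review bot: the error branch added at the end of spice_session_init() only logs through SPICE_DEBUG and clears the error, so when spice_usb_device_manager_get() fails the session still comes up without a manager. The path in the backtrace above (spice_usbredir_channel_up() calling usbredirhost_write_guest_data() with host=0x0) is therefore not excluded by this hunk on its own. A NULL check on the host before flushing in channel-up is still needed as the actual guard, with this call treated as eager initialization only. Two smaller points on the same lines: the return value of spice_usb_device_manager_get(session, &err) is discarded, so a one-line comment saying the call is made for its side effect would help the next reader, and a failure here would be easier to notice if it were logged at warning level rather than debug. The call also hands `session` to another object while the session's own init function is still running, so it is worth confirming, and noting in a comment, that the manager does not depend on session state that is set after init returns.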
> --
> 2.9.3
>