[Spice-devel] [spice PATCH v2 2/6] image_encoders: check shared_dict before accessing it
Frediano Ziglio
fziglio at redhat.com
Tue Dec 6 16:43:04 UTC 2016
>
> In both image_encoders_restore_glz_dictionary() and
> image_encoders_get_glz_dictionary() shared-dict may
> be NULL if size is too large, and the server gets
> size from the network.
>
> Both functions end up calling glz_enc_dictionary_create()
> that calls glz_dictionary_window_create() where size is
> checked.
>
> Found by coverity.
>
> Signed-off-by: Uri Lublin <uril at redhat.com>
> ---
> server/image-encoders.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/server/image-encoders.c b/server/image-encoders.c
> index 3a73e0c..0d57260 100644
> --- a/server/image-encoders.c
> +++ b/server/image-encoders.c
> @@ -746,7 +746,9 @@ gboolean image_encoders_get_glz_dictionary(ImageEncoders
> *enc,
> shared_dict->refs++;
> } else {
> shared_dict = create_glz_dictionary(enc, client, id, window_size);
> - glz_dictionary_list = g_list_prepend(glz_dictionary_list,
> shared_dict);
> + if (shared_dict != NULL) {
> + glz_dictionary_list = g_list_prepend(glz_dictionary_list,
> shared_dict);
> + }
> }
>
> pthread_mutex_unlock(&glz_dictionary_list_lock);
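Review bot: the new `if (shared_dict != NULL)` guard in image_encoders_get_glz_dictionary() only keeps a NULL entry out of glz_dictionary_list. The lines shown do not say what happens to a NULL shared_dict after pthread_mutex_unlock(). The commit message says the size comes from the network, so please confirm that the rest of the function returns FALSE on this path without dereferencing shared_dict, and that the caller treats the failure as a client error. A short comment at the guard noting that create_glz_dictionary() returns NULL for an oversized window_size would help the next reader.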
> @@ -782,7 +784,9 @@ gboolean
> image_encoders_restore_glz_dictionary(ImageEncoders *enc,
> shared_dict->refs++;
> } else {
> shared_dict = restore_glz_dictionary(enc, client, id, restore_data);
> - glz_dictionary_list = g_list_prepend(glz_dictionary_list,
> shared_dict);
> + if(shared_dict != NULL) {
> + glz_dictionary_list = g_list_prepend(glz_dictionary_list,
> shared_dict);
> + }
> }
>
> pthread_mutex_unlock(&glz_dictionary_list_lock);
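Review bot: style nit on the added line `if(shared_dict != NULL) {` in image_encoders_restore_glz_dictionary(): it is missing the space after `if` that the first hunk uses (`if (shared_dict != NULL) {`), so the two guards should be made consistent. As with the first hunk, the visible context ends at pthread_mutex_unlock(), so it is worth checking that the code after it handles a NULL shared_dict from restore_glz_dictionary() and reports failure through the gboolean return value.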
Does not hurt.
Acked-by: Frediano Ziglio <fziglio at redhat.com>
Frediano