[Spice-devel] [PATCH v4] fix crash if agent interface is removed
Frediano Ziglio
fziglio at redhat.com
Tue May 10 14:14:29 UTC 2016
Removing an interface cause SpiceBaseInstance->st to be set to NULL.
This pointer was then deferenced in agent code.
As SpiceBaseInstance should not be used after this call make sure
we don't keep pointers to it.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/reds.c | 1 +
server/spice-server.h | 5 +++++
2 files changed, 6 insertions(+)
Changes from v3:
- improved comment.
diff --git a/server/reds.c b/server/reds.c
index f54534a..34de3b0 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3264,6 +3264,7 @@ static void spice_server_char_device_remove_interface(RedsState *reds, SpiceBase
if (strcmp(char_device->subtype, SUBTYPE_VDAGENT) == 0) {
if (reds->vdagent) {
reds_agent_remove(reds);
+ red_char_device_reset_dev_instance(RED_CHAR_DEVICE(reds->agent_dev), NULL);
}
}
#ifdef USE_SMARTCARD
diff --git a/server/spice-server.h b/server/spice-server.h
index d309f18..87c5c59 100644
--- a/server/spice-server.h
+++ b/server/spice-server.h
@@ -67,6 +67,11 @@ int spice_server_add_ssl_client(SpiceServer *s, int socket, int skip_auth);
int spice_server_add_interface(SpiceServer *s,
SpiceBaseInstance *sin);
+/**
+ * Remove an interface from SpiceServer.
+ * SpiceServer won't be using the interface anymore, so it can
+ * be freed or reused.
+ */
int spice_server_remove_interface(SpiceBaseInstance *sin);
// Needed for backward API compatibility
--
2.5.5
More information about the Spice-devel
mailing list