[Spice-devel] [PATCH] Handle flow control without crashing for agent
Victor Toso
lists at victortoso.com
Tue May 31 10:22:50 UTC 2016
Hi,
On Tue, May 31, 2016 at 11:20:04AM +0100, Frediano Ziglio wrote:
> RedCharDevice used for the agent has flow control enabled.
> This make possible for red_char_device_write_buffer_get to return NULL.
> Handle such situation without crashing avoiding NULL dereference.
>
> This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> server/reds.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/server/reds.c b/server/reds.c
> index e4d806c..72dee84 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -1120,6 +1120,9 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, MainChannelClient *mcc, siz
> dev->priv->recv_from_client_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev),
> client,
> size + sizeof(VDIChunkHeader));
> + if (!dev->priv->recv_from_client_buf) {
> + return NULL;
> + }
Is this expected? If not, maybe a g_return_val_if_fail would fit better.
> dev->priv->recv_from_client_buf_pushed = FALSE;
> return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader);
> }
> --
> 2.7.4
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list