[Spice-devel] [PATCH] Handle flow control without crashing for agent
Victor Toso
lists at victortoso.com
Tue May 31 11:09:33 UTC 2016
Hi,
On Tue, May 31, 2016 at 06:31:23AM -0400, Frediano Ziglio wrote:
> > Hi,
> >
> > On Tue, May 31, 2016 at 11:20:04AM +0100, Frediano Ziglio wrote:
> > > RedCharDevice used for the agent has flow control enabled.
> > > This make possible for red_char_device_write_buffer_get to return NULL.
> > > Handle such situation without crashing avoiding NULL dereference.
> > >
> > > This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416.
> > >
> > > Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> > > ---
> > > server/reds.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/server/reds.c b/server/reds.c
> > > index e4d806c..72dee84 100644
> > > --- a/server/reds.c
> > > +++ b/server/reds.c
> > > @@ -1120,6 +1120,9 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds,
> > > MainChannelClient *mcc, siz
> > > dev->priv->recv_from_client_buf =
> > > red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev),
> > > client,
> > > size
> > > +
> > > sizeof(VDIChunkHeader));
> > > + if (!dev->priv->recv_from_client_buf) {
> > > + return NULL;
> > > + }
> >
> > Is this expected? If not, maybe a g_return_val_if_fail would fit better.
> >
>
> Thought was clear from the comment.
> Yes, in case of flow control it's the way char device tell the
> user of the class to wait.
> There is already a warning in char device.
Indeed, thanks for the explanation.
I've tested and patch fixes the issue and now I find a new other issue,
but on client-side... :-)
Cheers,
toso
>
> > > dev->priv->recv_from_client_buf_pushed = FALSE;
> > > return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader);
> > > }
>
> Frediano
More information about the Spice-devel
mailing list