[Spice-devel] [PATCH v2] Handle flow control without crashing for agent
Frediano Ziglio
fziglio at redhat.com
Tue May 31 12:06:56 UTC 2016
RedCharDevice used for the agent has flow control enabled.
This make possible for red_char_device_write_buffer_get to return NULL.
Handle such situation without crashing avoiding NULL dereference.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/reds.c | 5 +++++
1 file changed, 5 insertions(+)
Changes from v1:
- put inline comment to explain the reason of the check.
Victor (bug reporter) tested this patch successfully.
diff --git a/server/reds.c b/server/reds.c
index e4d806c..f8cfdfb 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1120,6 +1120,11 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, MainChannelClient *mcc, siz
dev->priv->recv_from_client_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev),
client,
size + sizeof(VDIChunkHeader));
+ /* check if buffer was allocated, as flow control is enabled for
+ * this device this is a normal condition */
+ if (!dev->priv->recv_from_client_buf) {
+ return NULL;
+ }
dev->priv->recv_from_client_buf_pushed = FALSE;
return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader);
}
--
2.7.4
More information about the Spice-devel
mailing list