[Spice-devel] [PATCH v2] Handle flow control without crashing for agent
Uri Lublin
uril at redhat.com
Tue May 31 15:16:14 UTC 2016
On 05/31/2016 03:06 PM, Frediano Ziglio wrote:
> RedCharDevice used for the agent has flow control enabled.
> This make possible for red_char_device_write_buffer_get to return NULL.
> Handle such situation without crashing avoiding NULL dereference.
>
> This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416.
Hi Frediano
Ack.
I'd like to mention that there may be other cases where
red_char_device_write_buffer_get returns NULL, and
that the case you mentioned is the one happens on
fdo bug 95416 mentioned above.
Regards,
Uri
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> server/reds.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> Changes from v1:
> - put inline comment to explain the reason of the check.
>
> Victor (bug reporter) tested this patch successfully.
>
> diff --git a/server/reds.c b/server/reds.c
> index e4d806c..f8cfdfb 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -1120,6 +1120,11 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, MainChannelClient *mcc, siz
> dev->priv->recv_from_client_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev),
> client,
> size + sizeof(VDIChunkHeader));
> + /* check if buffer was allocated, as flow control is enabled for
> + * this device this is a normal condition */
> + if (!dev->priv->recv_from_client_buf) {
> + return NULL;
> + }
> dev->priv->recv_from_client_buf_pushed = FALSE;
> return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader);
> }
>
More information about the Spice-devel
mailing list