[Spice-devel] [PATCH spice-server] Avoid leaking ping_timer in MainChannelClient
Frediano Ziglio
fziglio at redhat.com
Fri Nov 18 09:38:49 UTC 2016
This leaks happen for every connection. Potentially the timer can
be called after the client is closed causing an use after free.
Recently RED_STATISTICS was switched off by default but previous
version have this issue.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/main-channel-client.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/server/main-channel-client.c b/server/main-channel-client.c
index 7304586..987f260 100644
--- a/server/main-channel-client.c
+++ b/server/main-channel-client.c
@@ -184,6 +184,20 @@ static void main_channel_client_constructed(GObject *object)
#endif
}
+static void main_channel_client_finalize(GObject *object)
+{
+#ifdef RED_STATISTICS
+ MainChannelClient *self = MAIN_CHANNEL_CLIENT(object);
+ RedsState *reds =
+ red_channel_get_server(red_channel_client_get_channel(RED_CHANNEL_CLIENT(object)));
+
+ if (self->priv->ping_timer) {
+ reds_core_timer_remove(reds, self->priv->ping_timer);
+ }
+#endif
+ G_OBJECT_CLASS(main_channel_client_parent_class)->finalize(object);
+}
+
static void main_channel_client_class_init(MainChannelClientClass *klass)
{
GObjectClass *object_class = G_OBJECT_CLASS(klass);
@@ -192,6 +206,7 @@ static void main_channel_client_class_init(MainChannelClientClass *klass)
object_class->get_property = main_channel_client_get_property;
object_class->set_property = main_channel_client_set_property;
+ object_class->finalize = main_channel_client_finalize;
object_class->constructed = main_channel_client_constructed;
g_object_class_install_property(object_class,
--
2.7.4
More information about the Spice-devel
mailing list