[Spice-devel] [spice-gtk v2 1/2] channel-usbredir: Fix crash on channel-up

Victor Toso victortoso at redhat.com
Wed Nov 30 17:36:32 UTC 2016


From: Victor Toso <me at victortoso.com>

SpiceSession does not initialize its SpiceUsbDeviceManager object on
startup, which could lead to a race condition where channel-usbredir is
requested to flush data while it is uninitialized.

In a few places, spice_usb_device_manager_get() is called, as in
usb-device-widget.c and spice-gtk-session.c, but it is not used in
spicy-stats, making the tool crash on startup.

 #0 in usbredirhost_write_guest_data (host=0x0) at usbredir/usbredirhost/usbredirhost.c:876
 #1 in spice_usbredir_channel_up (c=0x643830) at channel-usbredir.c:821
 #2 in spice_channel_up (channel=0x643830) at spice-channel.c:1238
 #3 in spice_channel_recv_auth (channel=0x643830) at spice-channel.c:1225
 #4 in spice_channel_coroutine (data=0x643830) at spice-channel.c:2580
 #5 in coroutine_trampoline (cc=0x642ec0) at coroutine_ucontext.c:63
 #6 in continuation_trampoline (i0=6565568, i1=0) at continuation.c:55

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1399838

Signed-off-by: Victor Toso <victortoso at redhat.com>
Reported-by: Michael Cullen <michael at cullen-online.com>
---
 src/spice-session.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/spice-session.c b/src/spice-session.c
index f900bd1..91e4f97 100644
--- a/src/spice-session.c
+++ b/src/spice-session.c
@@ -281,6 +281,7 @@ static void spice_session_init(SpiceSession *session)
 {
     SpiceSessionPrivate *s;
     gchar *channels;
+    GError *err = NULL;
 
     SPICE_DEBUG("New session (compiled from package " PACKAGE_STRING ")");
     s = session->priv = SPICE_SESSION_GET_PRIVATE(session);
@@ -293,6 +294,12 @@ static void spice_session_init(SpiceSession *session)
     s->images = cache_image_new((GDestroyNotify)pixman_image_unref);
     s->glz_window = glz_decoder_window_new();
     update_proxy(session, NULL);
+
+    spice_usb_device_manager_get(session, &err);
+    if (err != NULL) {
+        SPICE_DEBUG("Could not initialize SpiceUsbDeviceManager - %s", err->message);
+        g_clear_error(&err);
+    }
 }
 
 static void
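
Review bot: the error branch after spice_usb_device_manager_get(session, &err) only logs at SPICE_DEBUG level and then continues, so when the manager cannot be created the session still starts, and the path in the backtrace (spice_usbredir_channel_up calling usbredirhost_write_guest_data with host=0x0) looks like it can still be reached. Consider also guarding the flush in spice_usbredir_channel_up against a NULL host, and reporting the failure with g_warning so it is visible without debug output enabled. The return value of spice_usb_device_manager_get() is discarded here; a short comment saying the call is made only for its initialization side effect would help the next reader.
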
-- 
2.9.3


