[Spice-devel] [PATCH v2 7/8] replay: Update pointer in allocated list

Frediano Ziglio fziglio at redhat.com
Thu Sep 15 22:19:39 UTC 2016


Avoid to free invalid pointer.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/red-replay-qxl.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server/red-replay-qxl.c b/server/red-replay-qxl.c
index 45c105c..73f9cd4 100644
--- a/server/red-replay-qxl.c
+++ b/server/red-replay-qxl.c
@@ -413,6 +413,7 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
     int temp;
     int has_palette;
     int has_image;
+    GList *elem;
 
     replay_fscanf(replay, "image %d\n", &has_image);
     if (replay->error) {
@@ -423,6 +424,7 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
     }
 
     qxl = (QXLImage*)replay_malloc0(replay, sizeof(QXLImage));
+    elem = replay->allocated;
     replay_fscanf(replay, "descriptor.id %"PRIu64"\n", &qxl->descriptor.id);
     replay_fscanf(replay, "descriptor.type %d\n", &temp); qxl->descriptor.type = temp;
     replay_fscanf(replay, "descriptor.flags %d\n", &temp); qxl->descriptor.flags = temp;
@@ -485,8 +487,9 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
         if (replay->error) {
             return NULL;
         }
-        qxl = realloc(qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
-                      qxl->quic.data_size);
+        qxl = spice_realloc(qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
+                            qxl->quic.data_size);
+        elem->data = qxl;
         size = red_replay_data_chunks(replay, "quic.data", (uint8_t**)&qxl->quic.data, 0);
         spice_assert(size == qxl->quic.data_size);
         break;
-- 
2.7.4



More information about the Spice-devel mailing list