[Spice-devel] [PATCH spice-server] Avoid leaking memory on invalid cursor commands
Jonathon Jongsma
jjongsma at redhat.com
Tue Aug 22 20:44:58 UTC 2017
When a RedCursorCmd is passed to cursor_channel_process_cmd(), it
constructs a new CursorItem which takes ownership of that command. If
the cursor_cmd->type falls through to the default case of the switch
statement, we will print a warning and return without freeing the
CursorItem (and thus the RedCursorCmd).
---
server/cursor-channel.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/server/cursor-channel.c b/server/cursor-channel.c
index 4abcd531b..831c81e6e 100644
--- a/server/cursor-channel.c
+++ b/server/cursor-channel.c
@@ -337,6 +337,7 @@ void cursor_channel_process_cmd(CursorChannel *cursor, RedCursorCmd *cursor_cmd)
break;
default:
spice_warning("invalid cursor command %u", cursor_cmd->type);
+ cursor_item_unref(cursor_item);
return;
}
--
2.13.3
More information about the Spice-devel
mailing list