[Spice-devel] [PATCH spice-server 2/2] Increment correctly reference before adding the item to marshaller
Frediano Ziglio
fziglio at redhat.com
Wed Jan 4 13:35:15 UTC 2017
When the initial image was sent to the client the reference
was not incremented leading to some user after free.
This regression was introduced in
3bde2e570cbfd4f29a2e94c14ff28b6e3987048d
("DCC: remove more init_send_data() arguments").
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/dcc-send.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/server/dcc-send.c b/server/dcc-send.c
index ab5f010..510dfe0 100644
--- a/server/dcc-send.c
+++ b/server/dcc-send.c
@@ -2005,6 +2005,7 @@ static void red_marshall_image(RedChannelClient *rcc,
spice_marshall_Image(src_bitmap_out, &red_image,
&bitmap_palette_out, &lzplt_palette_out);
+ red_pipe_item_ref(&item->base);
spice_marshaller_add_by_ref_full(src_bitmap_out, item->data,
bitmap.y * bitmap.stride,
marshaller_unref_pipe_item, item);
--
2.9.3
More information about the Spice-devel
mailing list