[Spice-devel] [PATCH spice-server v2 03/15] test-display-base: Avoid usage after free when the wakeup timer is freed

Wed Sep 6 16:26:53 UTC 2017

The wakeup timer is used by the worker thread and by the
main thread.
Destroying the object before destroying the worker thread
can lead to use after free.
Destroying the worker thread first makes sure we don't race.
This is detected easily when compiling the test with address sanitizer.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/tests/test-display-base.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Changes since v1:
- update commit message and shortlog.

diff --git a/server/tests/test-display-base.c b/server/tests/test-display-base.c
index 14311dbc2..c35eec1da 100644
--- a/server/tests/test-display-base.c
+++ b/server/tests/test-display-base.c
@@ -921,8 +921,10 @@ Test *test_new(SpiceCoreInterface *core)
 
 void test_destroy(Test *test)
 {
-    test->core->timer_remove(test->wakeup_timer);
     spice_server_destroy(test->server);
+    // this timer is used by spice server so
+    // avoid to free it while is running
+    test->core->timer_remove(test->wakeup_timer);
     free(test->commands);
     free(test);
 }
-- 
2.13.5

