[Spice-devel] [PATCH spice-server v2 03/15] test-display-base: Avoid usage after free when the wakeup timer is freed
Christophe Fergeau
cfergeau at redhat.com
Thu Sep 7 07:49:36 UTC 2017
Acked-by: Christophe Fergeau <cfergeau at redhat.com>
On Wed, Sep 06, 2017 at 05:26:53PM +0100, Frediano Ziglio wrote:
> The wakeup timer is used by the worker thread and by the
> main thread.
> Destroying the object before destroying the worker thread
> can lead to use after free.
> Destroying the worker thread first makes sure we don't race.
> This is detected easily when compiling the test with address sanitizer.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> server/tests/test-display-base.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> Changes since v1:
> - update commit message and shortlog.
>
> diff --git a/server/tests/test-display-base.c b/server/tests/test-display-base.c
> index 14311dbc2..c35eec1da 100644
> --- a/server/tests/test-display-base.c
> +++ b/server/tests/test-display-base.c
> @@ -921,8 +921,10 @@ Test *test_new(SpiceCoreInterface *core)
>
> void test_destroy(Test *test)
> {
> - test->core->timer_remove(test->wakeup_timer);
> spice_server_destroy(test->server);
> + // this timer is used by spice server so
> + // avoid to free it while is running
> + test->core->timer_remove(test->wakeup_timer);
> free(test->commands);
> free(test);
> }
> --
> 2.13.5
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list