[Spice-devel] [spice-gtk v2] usb-device-widget: Fix crash on no USB devices
Eduardo Lima (Etrunko)
etrunko at redhat.com
Mon Apr 16 19:14:48 UTC 2018
On 13/04/18 18:20, Victor Toso wrote:
> Hi,
>
> On Fri, Apr 13, 2018 at 03:14:56PM -0300, Eduardo Lima (Etrunko) wrote:
>> On 13/04/18 05:50, Victor Toso wrote:
>>> From: goldengdeng <907246009 at qq.com>
>>>
>>> The spice_usb_device_manager_get_devices() is only checking for NULL
>>> while the program can crash when no USB devices are available.
>>>
>>> Signed-off-by: Victor Toso <victortoso at redhat.com>
>>> ---
>>> src/usb-device-widget.c | 3 ++-
>>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/usb-device-widget.c b/src/usb-device-widget.c
>>> index a3c0910..1be80ae 100644
>>> --- a/src/usb-device-widget.c
>>> +++ b/src/usb-device-widget.c
>>> @@ -218,8 +218,9 @@ static void spice_usb_device_widget_constructed(GObject *gobject)
>>> G_CALLBACK(device_error_cb), self);
>>>
>>> devices = spice_usb_device_manager_get_devices(priv->manager);
>>> - if (!devices)
>>> + if (devices == NULL || devices->len == 0) {
>>> goto end;
>>> + }
>>
>> Does it mean that the crash is happening on g_ptr_array_unref() call
>> (which happens after the loop below)?
>
> Even if we call g_ptr_array_unref() with NULL, it just log some
> criticals.
>
>> Would be interesting to see the backtrace for this supposed
>> crash, because this patch does not seem correct to me.
>
> Yeah, I agree. I've asked in the original email too although the
> change itself is not complex I don't want to dive into 'where
> could it crash' but for sure we should check if devices is NULL
> (the original patch removed that).
>
I agree with the check for NULL, but the new conditional for
devices->len is already done in the loop, thus the reason I asked for
the trace.
Regards, Eduardo
--
Eduardo de Barros Lima (Etrunko)
Software Engineer - RedHat
etrunko at redhat.com
More information about the Spice-devel
mailing list