[Spice-devel] [PATCH x11spice] Fix segfault when quitting with Quit button

Thu Jul 11 17:56:05 UTC 2019

Quitting with the Quit button or closing the window always causes a
segfault for me. Destroying the surface before removing the interface
seems to resolve the problem.

log from valgrind:
==7741== Invalid read of size 8
==7741==    at 0x6943517: red_qxl_destroy_primary_surface_sync (red-qxl.c:313)
==7741==    by 0x6943517: red_qxl_destroy_primary_surface (red-qxl.c:338)
==7741==    by 0x6943517: spice_qxl_destroy_primary_surface (red-qxl.c:696)
==7741==    by 0x111F60: spice_destroy_primary (spice.c:506)
==7741==    by 0x111F60: spice_end (spice.c:694)
==7741==    by 0x10CBDA: main (main.c:154)
==7741==  Address 0x88 is not stack'd, malloc'd or (recently) free'd
==7741==
==7741==
==7741== Process terminating with default action of signal 11 (SIGSEGV)
==7741==  Access not within mapped region at address 0x88
==7741==    at 0x6943517: red_qxl_destroy_primary_surface_sync (red-qxl.c:313)
==7741==    by 0x6943517: red_qxl_destroy_primary_surface (red-qxl.c:338)
==7741==    by 0x6943517: spice_qxl_destroy_primary_surface (red-qxl.c:696)
==7741==    by 0x111F60: spice_destroy_primary (spice.c:506)
==7741==    by 0x111F60: spice_end (spice.c:694)
==7741==    by 0x10CBDA: main (main.c:154)

Signed-off-by: Brendan Shanks <bshanks at codeweavers.com>
---
 src/spice.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/spice.c b/src/spice.c
index 8ec0b07..d966644 100644
--- a/src/spice.c
+++ b/src/spice.c
@@ -689,9 +689,9 @@ void spice_end(spice_t *s)
 {
     spice_server_remove_interface(&s->tablet_sin.base);
     spice_server_remove_interface(&s->keyboard_sin.base);
-    spice_server_remove_interface(&s->display_sin.base);
 
     spice_destroy_primary(s);
+    spice_server_remove_interface(&s->display_sin.base);
 
     spice_server_destroy(s->server);
 
-- 
2.17.1

