On Tue, Feb 25, 2014 at 11:45:39AM +0100, Marc-André Lureau wrote: > Since 1fcaaa15f8aca362f9e6afc87fb43cfbccf6ff62, display_surface is > allocated using gslice. However MSG_DISPLAY_MODE handler didn't allocate > using GSlice. This can eventually lead to a crash when freeing, such as: ACK Christophe > > Thread no. 1 (6 frames) > #2 g_slice_free1 at gslice.c:1097 > #3 iter_remove_or_steal at ghash.c:787 > #4 clear_surfaces at /lib64/libspice-client-glib-2.0.so.8 > #5 spice_display_channel_finalize at > /lib64/libspice-client-glib-2.0.so.8 > #7 spice_channel_delayed_unref at /lib64/libspice-client-glib-2.0.so.8 > #12 gtk_main at gtkmain.c:1158 > > https://bugzilla.redhat.com/show_bug.cgi?id=1069546 > --- > gtk/channel-display.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/gtk/channel-display.c b/gtk/channel-display.c > index e464abf..96fd764 100644 > --- a/gtk/channel-display.c > +++ b/gtk/channel-display.c > @@ -886,7 +886,7 @@ static void display_handle_mode(SpiceChannel *channel, SpiceMsgIn *in) > > g_warn_if_fail(c->mark == FALSE); > > - surface = spice_new0(display_surface, 1); > + surface = g_slice_new0(display_surface); > surface->format = mode->bits == 32 ? > SPICE_SURFACE_FMT_32_xRGB : SPICE_SURFACE_FMT_16_555; > surface->width = mode->x_res; > -- > 1.8.5.3 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > http://lists.freedesktop.org/mailman/listinfo/spice-devel
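Review bot: at the changed allocation in display_handle_mode, the pairing between this g_slice_new0(display_surface) and the GSlice free seen in the backtrace (clear_surfaces -> iter_remove_or_steal -> g_slice_free1) is implicit, and the hunk does not show whether this was the only display_surface still allocated with spice_new0. The commit message should say that the other display_surface allocation sites in gtk/channel-display.c were checked. A one-line comment at the allocation noting that the surface is released through the GSlice path, or a single shared allocation helper, would keep the allocator and the free from drifting apart again, since a mismatch only shows up later as heap corruption at free time, as in the reported crash.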