On Wed, Nov 26, 2014 at 06:56:13PM +0100, Marc-André Lureau wrote:
> It was assumed the session would remain alive as long as channel
> existed, so USB context would be valid too. Now that channels
> are removed from session, USB context may be destroyed before
> channels. This produces invalid read/write on USB context.
> Make sure the context is alive as long as USB channels are by
> adding a reference on USB manager.
>
> ==6939== Invalid write of size 4
> ==6939== at 0x394B604482: libusb_set_debug (core.c:1850)
> ==6939== by 0x3953A063D5: usbredirhost_open_full (usbredirhost.c:741)
> ==6939== by 0x4EC7E2F:
> spice_usbredir_channel_set_context (channel-usbredir.c:212)
> ==6939== by 0x4EC7AB6:
> spice_usbredir_channel_reset (channel-usbredir.c:125)
> ==6939== by 0x4EACCDC: spice_channel_reset (spice-channel.c:2621)
> ==6939== by 0x4EACDB4: channel_disconnect (spice-channel.c:2640)
> ==6939== by 0x4EAC28F: spice_channel_coroutine (spice-channel.c:2423)
> ==6939== by 0x4EE8B1C: coroutine_trampoline (coroutine_ucontext.c:63)
> ==6939== by 0x4EE87D6: continuation_trampoline (continuation.c:55)
> ==6939== by 0x3928247FEF: ??? (in /usr/lib64/libc-2.20.so)
> ==6939== by 0x51E36FF: ??? (in
> /usr/local/stow/spice-gtk/lib/libspice-client-glib-2.0.so.8.5.0)
> ==6939== by 0xCF0C18F: ???
> ==6939== Address 0xff15f90 is 0 bytes inside a block of size 536 free'd
> ==6939== at 0x4A07CE9: free (in
> /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==6939== by 0x394B606466: libusb_exit (core.c:2041)
> ==6939== by 0x4ECC590: spice_usb_device_manager_finalize (usb-device-manager.c:371)
> ---
> gtk/usb-device-manager.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/gtk/usb-device-manager.c b/gtk/usb-device-manager.c
> index 7b27516..7a9fdc7 100644
> --- a/gtk/usb-device-manager.c
> +++ b/gtk/usb-device-manager.c
> @@ -767,6 +767,14 @@ static void channel_new(SpiceSession *session, SpiceChannel *channel, > g_ptr_array_add(self->priv->channels, channel); > > spice_usb_device_manager_check_redir_on_connect(self, channel); > + > + /* > + * add a reference to ourself, to make sure the context is alive I'd be explicit that it's about libusb context here > + * as long as channel is. as long as the channel is. ACK.
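Review bot: The new comment in channel_new() says a reference is taken but not where it is released. The hunk header (-767,6 +767,14) accounts for all 8 insertions in the diffstat, so the release has to be arranged in this same block; the comment should name that mechanism and state that the reference lasts until the channel is finalized, not only until it is removed from the session, because the Valgrind trace shows the libusb context being touched from spice_usbredir_channel_reset() during channel_disconnect(). An unbalanced reference here would also keep spice_usb_device_manager_finalize() and its libusb_exit() call from ever running, so the pairing is worth making visible in the comment.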
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel