Hi, On Tue, May 31, 2016 at 06:31:23AM -0400, Frediano Ziglio wrote: > > Hi, > > > > On Tue, May 31, 2016 at 11:20:04AM +0100, Frediano Ziglio wrote: > > > RedCharDevice used for the agent has flow control enabled. > > > This make possible for red_char_device_write_buffer_get to return NULL. > > > Handle such situation without crashing avoiding NULL dereference. > > > > > > This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416. > > > > > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > > > --- > > > server/reds.c | 3 +++ > > > 1 file changed, 3 insertions(+) > > > > > > diff --git a/server/reds.c b/server/reds.c > > > index e4d806c..72dee84 100644 > > > --- a/server/reds.c > > > +++ b/server/reds.c > > > @@ -1120,6 +1120,9 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, > > > MainChannelClient *mcc, siz > > > dev->priv->recv_from_client_buf = > > > red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), > > > client, > > > size > > > + > > > sizeof(VDIChunkHeader)); > > > + if (!dev->priv->recv_from_client_buf) { > > > + return NULL; > > > + } > > > > Is this expected? If not, maybe a g_return_val_if_fail would fit better. > > > > Thought was clear from the comment. > Yes, in case of flow control it's the way char device tell the > user of the class to wait. > There is already a warning in char device. Indeed, thanks for the explanation. I've tested and patch fixes the issue and now I find a new other issue, but on client-side... :-) Cheers, toso > > > > dev->priv->recv_from_client_buf_pushed = FALSE; > > > return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader); > > > } > > Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel
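Review bot: The new check "if (!dev->priv->recv_from_client_buf)" in reds_get_agent_data_buffer carries no comment saying that a NULL from red_char_device_write_buffer_get is the normal flow-control signal rather than an error, and the review question about g_return_val_if_fail shows this is not obvious from the code alone. A short comment above the check, stating that the agent char device has flow control enabled and that NULL tells the caller to wait, would keep the check from later being turned into an assertion. The function now returns NULL on this path, and its callers are outside the visible hunk, so it is worth confirming that each caller tests the returned pointer before copying agent data into it; otherwise the NULL dereference only moves one level up.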