On 05/31/2016 03:06 PM, Frediano Ziglio wrote:
RedCharDevice used for the agent has flow control enabled. This makes it possible for red_char_device_write_buffer_get to return NULL. Handle such a situation without crashing, avoiding a NULL dereference. This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416.

Hi Frediano

Ack.

I'd like to mention that there may be other cases where red_char_device_write_buffer_get returns NULL, and that the case you mentioned is the one that happens on fdo bug 95416 mentioned above.

Regards,
Uri

Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> --- server/reds.c | 5 +++++ 1 file changed, 5 insertions(+) Changes from v1: - put inline comment to explain the reason of the check. Victor (bug reporter) tested this patch successfully. diff --git a/server/reds.c b/server/reds.c index e4d806c..f8cfdfb 100644 --- a/server/reds.c +++ b/server/reds.c @@ -1120,6 +1120,11 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, MainChannelClient *mcc, siz dev->priv->recv_from_client_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), client, size + sizeof(VDIChunkHeader));
+ /* check if buffer was allocated, as flow control is enabled for + * this device this is a normal condition */ + if (!dev->priv->recv_from_client_buf) { + return NULL; + } dev->priv->recv_from_client_buf_pushed = FALSE; return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader); }
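
Review bot: the new early return at `if (!dev->priv->recv_from_client_buf)` makes reds_get_agent_data_buffer hand NULL back to its caller, yet the diffstat shows only these 5 insertions in server/reds.c, so no caller is visibly changed to cope with a NULL buffer. Please confirm that every caller of reds_get_agent_data_buffer checks the return value before writing into it, otherwise the NULL dereference only moves one level up. Two smaller points on the same lines: the early return skips `dev->priv->recv_from_client_buf_pushed = FALSE;`, so the flag keeps its previous value on this path and it is worth stating whether that is intended. The inline comment also attributes a NULL result to flow control alone, so wording it as "the buffer may not be allocated, for example when flow control is enabled for this device" would keep it accurate if red_char_device_write_buffer_get can return NULL for other reasons.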
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel