Avoid to free invalid pointer.
Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
server/red-replay-qxl.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/server/red-replay-qxl.c b/server/red-replay-qxl.c
index 45c105c..73f9cd4 100644
--- a/server/red-replay-qxl.c
+++ b/server/red-replay-qxl.c
@@ -413,6 +413,7 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
int temp;
int has_palette;
int has_image;
+ GList *elem;
replay_fscanf(replay, "image %d\n", &has_image);
if (replay->error) {
@@ -423,6 +424,7 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
}
qxl = (QXLImage*)replay_malloc0(replay, sizeof(QXLImage));
+ elem = replay->allocated;
replay_fscanf(replay, "descriptor.id %"PRIu64"\n", &qxl->descriptor.id);
replay_fscanf(replay, "descriptor.type %d\n", &temp); qxl->descriptor.type = temp;
replay_fscanf(replay, "descriptor.flags %d\n", &temp); qxl->descriptor.flags = temp;
@@ -485,8 +487,9 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
if (replay->error) {
return NULL;
}
- qxl = realloc(qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
- qxl->quic.data_size);
+ qxl = spice_realloc(qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
+ qxl->quic.data_size);
+ elem->data = qxl;
size = red_replay_data_chunks(replay, "quic.data", (uint8_t**)&qxl->quic.data, 0);
spice_assert(size == qxl->quic.data_size);
break;
--
2.7.4
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel