Avoid to free invalid pointer.
Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
 server/red-replay-qxl.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
Changes since v2:
- better encapsulation (Jonathon)
I have the sensation that Quic code is broken.. but this is not related to this patch.
diff --git a/server/red-replay-qxl.c b/server/red-replay-qxl.c
index e95cf91..b5baded 100644
--- a/server/red-replay-qxl.c
+++ b/server/red-replay-qxl.c
@@ -113,6 +113,13 @@ static inline void replay_free(SpiceReplay *replay, void *mem)
 free(mem);
 }

+static inline void *replay_realloc(SpiceReplay *replay, void *mem, size_t n_bytes)
+{
+ GList *elem = g_list_find(replay->allocated, mem);
+ elem->data = spice_realloc(mem, n_bytes);
+ return elem->data;
+}
+
 static uint32_t replay_id_get(SpiceReplay *replay, uint32_t id)
 {
 uint32_t newid = 0;
@@ -486,8 +493,8 @@ static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
 if (replay->error) {
 return NULL;
 }
- qxl = realloc(qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
- qxl->quic.data_size);
+ qxl = replay_realloc(replay, qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
+ qxl->quic.data_size);
 size = red_replay_data_chunks(replay, "quic.data", (uint8_t**)&qxl->quic.data, 0);
 spice_assert(size == qxl->quic.data_size);
 break;
--
2.7.4
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
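Review bot: The new `replay_realloc` dereferences `elem` without checking it. `g_list_find` returns NULL when `mem` is not in `replay->allocated`, so a pointer that was never registered through the replay allocator, or a NULL `mem`, crashes on `elem->data = ...`. Since the file already uses `spice_assert`, add `spice_assert(elem != NULL);` before the assignment so the failure is explicit at the lookup. The helper would also benefit from a short comment, e.g. `/* keep replay->allocated in step with the moved block so later frees never see the stale pointer */`. It is worth confirming what `spice_realloc` returns for `n_bytes == 0`, because a NULL result would leave a NULL entry in the list.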
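Review bot: The size passed to `replay_realloc` in `red_replay_image` is computed from `qxl->quic.data_size` with no upper bound check. That field appears to be filled from the replay stream before this hunk (the parsing is outside the visible lines), so it should be treated as untrusted. On a build where `size_t` is 32 bits, `sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) + qxl->quic.data_size` can wrap and yield a buffer smaller than the data that `red_replay_data_chunks` then writes. Consider rejecting the record when `qxl->quic.data_size > SIZE_MAX - sizeof(QXLImageDescriptor) - sizeof(QXLQUICData)`, taking the same error path as the `replay->error` check above. The `spice_assert(size == qxl->quic.data_size)` that follows runs only after the copy, so it does not protect the allocation.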