When the initial image was sent to the client the reference
was not incremented leading to some user after free.
This regression was introduced in
3bde2e570cbfd4f29a2e94c14ff28b6e3987048d
("DCC: remove more init_send_data() arguments").
Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
server/dcc-send.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/server/dcc-send.c b/server/dcc-send.c
index ab5f010..510dfe0 100644
--- a/server/dcc-send.c
+++ b/server/dcc-send.c
@@ -2005,6 +2005,7 @@ static void red_marshall_image(RedChannelClient *rcc,
spice_marshall_Image(src_bitmap_out, &red_image,
&bitmap_palette_out, &lzplt_palette_out);
+ red_pipe_item_ref(&item->base);
spice_marshaller_add_by_ref_full(src_bitmap_out, item->data,
bitmap.y * bitmap.stride,
marshaller_unref_pipe_item, item);
--
2.9.3
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel