Re: [PATCH spice-server] reds: Do not free wrong agent device

Frediano Ziglio <fziglio@xxxxxxxxxx> · Tue, 28 Feb 2017 09:34:48 -0500 (EST)

Just to be clear:

"reds: Check that we do not free the wrong agent device

Do not assume the device passed is the one currently working
but check for it and refuse to free the current one avoiding
possible double free of the device."

(was not clear to me if you meant the subject or message)

Frediano

> From: "Christophe Fergeau" <cfergeau@xxxxxxxxxx>
> 
> I think I'd adjust the shortlog a little bit "Check that we do not free
> ...", as I initially thought this was fixing an actual bug rather than
> being a robustness improvement.
> Hopefully we don't hit this situation, as this would be fairly bad ;)
> 
> Acked-by: Christophe Fergeau <cfergeau@xxxxxxxxxx>
> 
> Christophe
> 
> 
> 
> On Tue, Feb 28, 2017 at 10:26:10AM +0000, Frediano Ziglio wrote:
> > Do not assume the device passed is the one currently working
> > but check for it and refuse to free the current one avoiding
> > possible double free of the device.
> > 
> > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> > ---
> >  server/reds.c | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
> > 
> > diff --git a/server/reds.c b/server/reds.c
> > index 39a7a31..88ee7d1 100644
> > --- a/server/reds.c
> > +++ b/server/reds.c
> > @@ -3201,13 +3201,14 @@ static int
> > spice_server_char_device_add_interface(SpiceServer *reds,
> >      return 0;
> >  }
> >  
> > -static void spice_server_char_device_remove_interface(RedsState *reds,
> > SpiceBaseInstance *sin)
> > +static int spice_server_char_device_remove_interface(RedsState *reds,
> > SpiceBaseInstance *sin)
> >  {
> >      SpiceCharDeviceInstance* char_device =
> >              SPICE_CONTAINEROF(sin, SpiceCharDeviceInstance, base);
> >  
> >      spice_info("remove CHAR_DEVICE %s", char_device->subtype);
> >      if (strcmp(char_device->subtype, SUBTYPE_VDAGENT) == 0) {
> > +        g_return_val_if_fail(char_device == reds->vdagent, -1);
> >          if (reds->vdagent) {
> >              reds_agent_remove(reds);
> >              red_char_device_reset_dev_instance(RED_CHAR_DEVICE(reds->agent_dev),
> >              NULL);
> > @@ -3226,6 +3227,7 @@ static void
> > spice_server_char_device_remove_interface(RedsState *reds, SpiceBase
> >      }
> >  
> >      char_device->st = NULL;
> > +    return 0;
> >  }
> >  
> >  SPICE_GNUC_VISIBLE int spice_server_add_interface(SpiceServer *reds,
> > @@ -3360,7 +3362,7 @@ SPICE_GNUC_VISIBLE int
> > spice_server_remove_interface(SpiceBaseInstance *sin)
> >          SpiceCharDeviceInstance *char_device = SPICE_CONTAINEROF(sin,
> >          SpiceCharDeviceInstance, base);
> >          g_return_val_if_fail(char_device->st != NULL, -1);
> >          reds = red_char_device_get_server(char_device->st);
> > -        spice_server_char_device_remove_interface(reds, sin);
> > +        return spice_server_char_device_remove_interface(reds, sin);
> >      } else if (strcmp(interface->type, SPICE_INTERFACE_QXL) == 0) {
> >          QXLInstance *qxl;
> >  
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel