[PATCH spice-gtk v2 1/5] gio-pipe: fix NULL pointer dereferencing


 



In pipe_output_stream_is_writable, if the peer is already gone,
peer_closed is set to TRUE and in this case, peer->read should not be accessed
as peer is NULL.

Otherwise, the following sequence of calls (simplified) would trigger a segfault:

    spice_make_pipe(p1, p2);
    g_output_stream_write_all_async(p1_out);
    g_clear_object(p2);
    g_pollable_output_stream_is_writable(p1_out);

Signed-off-by: Jakub Janků <jjanku@xxxxxxxxxx>
---
 src/giopipe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/giopipe.c b/src/giopipe.c
index de1adae..fcec844 100644
--- a/src/giopipe.c
+++ b/src/giopipe.c
@@ -420,7 +420,7 @@ pipe_output_stream_is_writable (GPollableOutputStream *stream)
     PipeOutputStream *self = PIPE_OUTPUT_STREAM(stream);
     gboolean writable;
 
-    writable = self->buffer == NULL || self->peer->read >= 0 || self->peer_closed;
+    writable = self->buffer == NULL || self->peer_closed || self->peer->read >= 0;
     //g_debug("writable %p %d", self, writable);
 
     return writable;
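
Review bot: the reordered expression on the `+` line is safe only because `||` short-circuits and because `peer_closed` is assumed to be TRUE whenever `peer` is NULL, and nothing at this line states that invariant. A short comment above the assignment, or an explicit guard such as `(self->peer != NULL && self->peer->read >= 0)`, would keep a later reordering of the operands from reintroducing the dereference. The diffstat shows only src/giopipe.c changing in this patch, so if the four-call sequence from the commit message is not added as a test elsewhere in the series, it would make a good regression test.
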
-- 
2.21.0

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel



