Re: [PATCH spice-gtk v2 1/5] gio-pipe: fix NULL pointer dereferencing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> 
> In pipe_output_stream_is_writable, if the peer is already gone,
> peer_closed is set to TRUE and in this case, peer->read should not be
> accessed
> as peer is NULL.
> 
> Otherwise, the following sequence of calls (simplified) would trigger a
> segfault:
> 
>     spice_make_pipe(p1, p2);
>     g_output_stream_write_all_async(p1_out);
>     g_clear_object(p2);
>     g_pollable_output_stream_is_writable(p1_out);
> 
> Signed-off-by: Jakub Janků <jjanku@xxxxxxxxxx>

Acked the series, thanks

> ---
>  src/giopipe.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/giopipe.c b/src/giopipe.c
> index de1adae..fcec844 100644
> --- a/src/giopipe.c
> +++ b/src/giopipe.c
> @@ -420,7 +420,7 @@ pipe_output_stream_is_writable (GPollableOutputStream
> *stream)
>      PipeOutputStream *self = PIPE_OUTPUT_STREAM(stream);
>      gboolean writable;
>  
> -    writable = self->buffer == NULL || self->peer->read >= 0 ||
> self->peer_closed;
> +    writable = self->buffer == NULL || self->peer_closed || self->peer->read
> >= 0;
>      //g_debug("writable %p %d", self, writable);
>  
>      return writable;

Frediano
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux Virtualization]     [Linux Virtualization]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]