From: Victor Toso <me@xxxxxxxxxxxxxx>
On remote_viewer_session_connected() we are passing a dup of URI of
connection and freeing it afterwards. Problem is, we don't disconnect
from listening "session-connected" and on an eventual second emission
of this signal, remote-viewer crashes as seen in the backtrace below.
This can happen over switch-host migration message from
SpiceMainChannel.
To fix the issue, use VirtViewerApp URI information instead of passing
a dup char*. The other changes in this patch were warnings of unused
variables.
Found it while improving migrate.py from spice/tests (server):
| Invalid free() / delete / delete[] / realloc()
| at 0x4839A0C: free (vg_replace_malloc.c:540)
| by 0x56EBD8C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.6)
| by 0x11DED0: remote_viewer_session_connected (remote-viewer.c:658)
| by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566A34D: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566AF68: g_signal_emit_by_name (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x135E5D: virt_viewer_session_spice_main_channel_event (virt-viewer-session-spice.c:699)
| by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566A34D: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x53149E3: emit_main_context (gio-coroutine.c:198)
| Address 0x18f1ecc0 is 0 bytes inside a block of size 23 free'd
| at 0x4839A0C: free (vg_replace_malloc.c:540)
| by 0x56EBD8C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.6)
| by 0x11DED0: remote_viewer_session_connected (remote-viewer.c:658)
| by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566A34D: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566AF68: g_signal_emit_by_name (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x135E5D: virt_viewer_session_spice_main_channel_event (virt-viewer-session-spice.c:699)
| by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566A34D: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x53149E3: emit_main_context (gio-coroutine.c:198)
| Block was alloc'd at
| at 0x483880B: malloc (vg_replace_malloc.c:309)
| by 0x56EBC98: g_malloc (in /usr/lib64/libglib-2.0.so.0.6000.6)
| by 0x5705C43: g_strdup (in /usr/lib64/libglib-2.0.so.0.6000.6)
| by 0x11EB80: remote_viewer_initial_connect (remote-viewer.c:696)
| by 0x11EB80: remote_viewer_start (remote-viewer.c:790)
| by 0x1250D3: virt_viewer_app_start (virt-viewer-app.c:1727)
| by 0x127108: virt_viewer_app_on_application_startup (virt-viewer-app.c:1870)
| by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x5661638: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566A34D: g_signal_emit_valist (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x566A972: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.6000.6)
| by 0x553ECA1: g_application_register (in /usr/lib64/libgio-2.0.so.0.6000.6)
| by 0x553F41D: g_application_run (in /usr/lib64/libgio-2.0.so.0.6000.6)
Signed-off-by: Victor Toso <victortoso@xxxxxxxxxx>
---
src/remote-viewer.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/remote-viewer.c b/src/remote-viewer.c
index 8938ef9..7cad231 100644
--- a/src/remote-viewer.c
+++ b/src/remote-viewer.c
@@ -396,7 +396,7 @@ virt_viewer_app_set_ovirt_foreign_menu(VirtViewerApp *app,
}
static gboolean
-create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
+create_ovirt_session(VirtViewerApp *app, GError **err)
{
OvirtProxy *proxy = NULL;
OvirtApi *api = NULL;
@@ -421,9 +421,11 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
gchar *ticket = NULL;
gchar *host_subject = NULL;
gchar *guid = NULL;
+ gchar *uri = NULL;
g_return_val_if_fail(VIRT_VIEWER_IS_APP(app), FALSE);
+ g_object_get(app, "guri", &uri, NULL);
if (!parse_ovirt_uri(uri, &rest_uri, &vm_name, &username)) {
g_set_error_literal(&error, VIRT_VIEWER_ERROR, VIRT_VIEWER_ERROR_FAILED,
_("failed to parse ovirt uri"));
@@ -561,6 +563,7 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
success = TRUE;
error:
+ g_free(uri);
g_free(username);
g_free(rest_uri);
g_free(vm_name);
@@ -645,17 +648,16 @@ remote_viewer_recent_add(gchar *uri, const gchar *mime_type)
static void
remote_viewer_session_connected(VirtViewerSession *session,
- gchar *guri)
+ VirtViewerApp *app)
{
gchar *uri = virt_viewer_session_get_uri(session);
const gchar *mime = virt_viewer_session_mime_type(session);
if (uri == NULL)
- uri = g_strdup(guri);
+ g_object_get(app, "guri", &uri, NULL);
remote_viewer_recent_add(uri, mime);
g_free(uri);
- g_free(guri);
}