Fix crash if connection fails early

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

0001-fix-crash-when-connection-fails-early.patch

@@ -0,0 +1,88 @@
+From 06a27a4fb52653b4cbf67b75b8116cf6692b435d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 24 Aug 2018 17:18:04 +0100
+Subject: [PATCH] fix crash when connection fails early
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When reading the initial greeting a timer is set in the background. If
+the connection fails early, we can jump to cleanup code before the timer
+is disable. The timer will later fire, read a coroutine context from
+freed memory, and likely jump to somewhere awful with predictably crashy
+results.
+
+  https://bugzilla.redhat.com/show_bug.cgi?id=1620203
+
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/vncconnection.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/vncconnection.c b/src/vncconnection.c
+index b6e13d5..afc1418 100644
+--- a/src/vncconnection.c
++++ b/src/vncconnection.c
+@@ -319,7 +319,9 @@ static gboolean vnc_connection_timeout(gpointer data)
+ {
+     struct wait_queue *wait = data;
+ 
++    VNC_DEBUG("Connection timeout wakeup start %p", data);
+     g_io_wakeup(wait);
++    VNC_DEBUG("Connection timeout wakeup done %p", data);
+ 
+     return FALSE;
+ }
+@@ -5318,6 +5320,7 @@ static gboolean vnc_connection_initialize(VncConnection *conn)
+ 
+     priv->absPointer = TRUE;
+ 
++    VNC_DEBUG("Schedule greeting timeout %p", &priv->wait);
+     timeout = g_timeout_add_seconds(2, vnc_connection_timeout, &priv->wait);
+     want = 12;
+     while (want > 0) {
+@@ -5369,7 +5372,9 @@ static gboolean vnc_connection_initialize(VncConnection *conn)
+     }
+ 
+     if (timeout != 0) {
++        VNC_DEBUG("Remove timeout %p", &priv->wait);
+         g_source_remove(timeout);
++        timeout = 0;
+     }
+ 
+     version[12] = 0;
+@@ -5449,6 +5454,11 @@ static gboolean vnc_connection_initialize(VncConnection *conn)
+     return !vnc_connection_has_error(conn);
+ 
+  fail:
++    if (timeout != 0) {
++        VNC_DEBUG("Remove timeout %p", &priv->wait);
++        g_source_remove(timeout);
++        timeout = 0;
++    }
+     return !vnc_connection_has_error(conn);
+ }
+ 
+@@ -5481,6 +5491,7 @@ static GSocket *vnc_connection_connect_socket(struct wait_queue *wait,
+     if (!sock)
+         return NULL;
+ 
++    VNC_DEBUG("Schedule socket timeout %p", wait);
+     guint timeout = g_timeout_add_seconds(10, vnc_connection_timeout, wait);
+ 
+     g_socket_set_blocking(sock, FALSE);
+@@ -5513,8 +5524,10 @@ timeout:
+     sock = NULL;
+ 
+ end:
+-    if (timeout != 0)
++    if (timeout != 0) {
++        VNC_DEBUG("Remove timeout %p", wait);
+         g_source_remove(timeout);
++    }
+ 
+     return sock;
+ }
+-- 
+2.17.1
+

gtk-vnc.spec

@@ -32,9 +32,10 @@
 Summary: A GTK2 widget for VNC clients
 Name: gtk-vnc
 Version: 0.9.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: LGPLv2+
 Source: http://ftp.gnome.org/pub/GNOME/sources/%{name}/0.5/%{name}-%{version}.tar.xz
+Patch1: 0001-fix-crash-when-connection-fails-early.patch
 URL: https://wiki.gnome.org/Projects/gtk-vnc
 Requires: gvnc = %{version}-%{release}
 %if %{with_gtk2}
@@ -154,6 +155,10 @@ Libraries, includes, etc. to compile with the gtk-vnc library
 
 %prep
 %setup -q -n gtk-vnc-%{version} -c
+cd gtk-vnc-%{version}
+%patch1 -p1
+cd ..
+
 %if %{with_gtk3}
 cp -a gtk-vnc-%{version} gtk-vnc2-%{version}
 %endif
@@ -315,6 +320,9 @@ rm -f %{buildroot}%{_libdir}/*.la
 %endif
 
 %changelog
+* Fri Aug 24 2018 Daniel P. Berrangé <berrange@redhat.com> - 0.9.0-2
+- Fix crash if connection fails early (rhbz #1620203)
+
 * Fri Aug 17 2018 Daniel P. Berrangé <berrange@redhat.com> - 0.9.0-1
 - Update to 0.9.0 release