spice-gtk/0007-usbredir-prevent-crash-when-calling-without-host.patch

From 5b252b0f499601bcf387c02a4dd35d27ed34c07c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Sat, 20 Dec 2014 01:03:09 +0100
Subject: [PATCH spice-gtk] usbredir: prevent crash when calling without host

Quite annoyingly, usbredir doesn't have public functions arguments
preconditions, and will weirdly run the flush callback during
initialization.

With 201a8c2 change, the channel state is kept as it is when calling
reset. This will result in the following crash that was avoided before
thanks to a precondition on the channel to be ready. Adding a further
precondition check on priv->host != NULL solves the following crash
during reset():

Program received signal SIGSEGV, Segmentation fault.
usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
868                               return
usbredirparser_do_write(host->parser);
(gdb) bt
 #0  0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at
 #usbredirhost.c:868
 #1  0x00007fffc81d463b in
 #usbredir_write_flush_callback (user_data=0x2d95250) at
 #channel-usbredir.c:469
 #2  0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,
 #usb_dev_handle=0x0, log_func=<optimized out>,
 #read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,
 #write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,
 #flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,
 #alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,
 #lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,
 #unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,
 #free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,
 #func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk
 #0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
 #3  0x00007fffc81d3b22 in
 #spice_usbredir_channel_set_context (channel=0x2d95250
 #[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
 #4  0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250
 #[SpiceUsbredirChannel], migrating=0)
 at channel-usbredir.c:125
 #5  0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250
 [SpiceUsbredirChannel], migrating=0)
 at spice-channel.c:2688
 #6  0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250
 [SpiceUsbredirChannel]) at spice-channel.c:2706
 #7  0x00007fffc81b7559 in
 spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490
---
 gtk/channel-usbredir.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
index 5238566..b1a91fb 100644
--- a/gtk/channel-usbredir.c
+++ b/gtk/channel-usbredir.c
@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
             SPICE_CHANNEL_STATE_READY)
         return;
 
+    if (!priv->host)
+        return;
+
     usbredirhost_write_guest_data(priv->host);
 }
 
-- 
2.1.0
Fix usbredir crash on disconnection 2014-12-22 12:14:54 +00:00			`From 5b252b0f499601bcf387c02a4dd35d27ed34c07c Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>`
			`Date: Sat, 20 Dec 2014 01:03:09 +0100`
			`Subject: [PATCH spice-gtk] usbredir: prevent crash when calling without host`

			`Quite annoyingly, usbredir doesn't have public functions arguments`
			`preconditions, and will weirdly run the flush callback during`
			`initialization.`

			`With 201a8c2 change, the channel state is kept as it is when calling`
			`reset. This will result in the following crash that was avoided before`
			`thanks to a precondition on the channel to be ready. Adding a further`
			`precondition check on priv->host != NULL solves the following crash`
			`during reset():`

			`Program received signal SIGSEGV, Segmentation fault.`
			`usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868`
			`868 return`
			`usbredirparser_do_write(host->parser);`
			`(gdb) bt`
			`#0 0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at`
			`#usbredirhost.c:868`
			`#1 0x00007fffc81d463b in`
			`#usbredir_write_flush_callback (user_data=0x2d95250) at`
			`#channel-usbredir.c:469`
			`#2 0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,`
			`#usb_dev_handle=0x0, log_func=<optimized out>,`
			`#read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,`
			`#write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,`
			`#flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,`
			`#alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,`
			`#lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,`
			`#unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,`
			`#free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,`
			`#func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk`
			`#0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748`
			`#3 0x00007fffc81d3b22 in`
			`#spice_usbredir_channel_set_context (channel=0x2d95250`
			`#[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212`
			`#4 0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250`
			`#[SpiceUsbredirChannel], migrating=0)`
			`at channel-usbredir.c:125`
			`#5 0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250`
			`[SpiceUsbredirChannel], migrating=0)`
			`at spice-channel.c:2688`
			`#6 0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250`
			`[SpiceUsbredirChannel]) at spice-channel.c:2706`
			`#7 0x00007fffc81b7559 in`
			`spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490`
			`---`
			`gtk/channel-usbredir.c \| 3 +++`
			`1 file changed, 3 insertions(+)`

			`diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c`
			`index 5238566..b1a91fb 100644`
			`--- a/gtk/channel-usbredir.c`
			`+++ b/gtk/channel-usbredir.c`
			`@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)`
			`SPICE_CHANNEL_STATE_READY)`
			`return;`

			`+ if (!priv->host)`
			`+ return;`
			`+`
			`usbredirhost_write_guest_data(priv->host);`
			`}`

			`--`
			`2.1.0`