From 472b37edf626b8e9150dfce34c42e4112679cc0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
Date: Mon, 22 Dec 2014 13:14:54 +0100
Subject: [PATCH] Fix usbredir crash on disconnection
---
 ...vent-crash-when-calling-without-host.patch | 70 +++++++++++++++++++
 spice-gtk.spec | 7 +-
 2 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 0007-usbredir-prevent-crash-when-calling-without-host.patch
diff --git a/0007-usbredir-prevent-crash-when-calling-without-host.patch b/0007-usbredir-prevent-crash-when-calling-without-host.patch
new file mode 100644
index 0000000..87c6d88
--- /dev/null
+++ b/0007-usbredir-prevent-crash-when-calling-without-host.patch
@@ -0,0 +1,70 @@
+From 5b252b0f499601bcf387c02a4dd35d27ed34c07c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Sat, 20 Dec 2014 01:03:09 +0100
+Subject: [PATCH spice-gtk] usbredir: prevent crash when calling without host
+
+Quite annoyingly, usbredir doesn't have public functions arguments
+preconditions, and will weirdly run the flush callback during
+initialization.
+
+With 201a8c2 change, the channel state is kept as it is when calling
+reset. This will result in the following crash that was avoided before
+thanks to a precondition on the channel to be ready. Adding a further
+precondition check on priv->host != NULL solves the following crash
+during reset():
+
+Program received signal SIGSEGV, Segmentation fault.
+usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
+868 return
+usbredirparser_do_write(host->parser);
+(gdb) bt
+ #0 0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at
+ #usbredirhost.c:868
+ #1 0x00007fffc81d463b in
+ #usbredir_write_flush_callback (user_data=0x2d95250) at
+ #channel-usbredir.c:469
+ #2 0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,
+ #usb_dev_handle=0x0, log_func=,
+ #read_guest_data_func=0x7fffc81d482c ,
+ #write_guest_data_func=0x7fffc81d4952 ,
+ #flush_writes_func=0x7fffc81d45c3 ,
+ #alloc_lock_func=0x7fffc81d49f1 ,
+ #lock_func=0x7fffc81d4a41 ,
+ #unlock_func=0x7fffc81d4a86 ,
+ #free_lock_func=0x7fffc81d4acb ,
+ #func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk
+ #0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
+ #3 0x00007fffc81d3b22 in
+ #spice_usbredir_channel_set_context (channel=0x2d95250
+ #[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
+ #4 0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250
+ #[SpiceUsbredirChannel], migrating=0)
+ at channel-usbredir.c:125
+ #5 0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250
+ [SpiceUsbredirChannel], migrating=0)
+ at spice-channel.c:2688
+ #6 0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250
+ [SpiceUsbredirChannel]) at spice-channel.c:2706
+ #7 0x00007fffc81b7559 in
+ spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490
+---
+ gtk/channel-usbredir.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
+index 5238566..b1a91fb 100644
+--- a/gtk/channel-usbredir.c
++++ b/gtk/channel-usbredir.c
+@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
+ SPICE_CHANNEL_STATE_READY)
+ return;
+
++ if (!priv->host)
++ return;
++
+ usbredirhost_write_guest_data(priv->host);
+ }
+
+--
+2.1.0
+
diff --git a/spice-gtk.spec b/spice-gtk.spec
index 7052269..1350e50 100644
--- a/spice-gtk.spec
+++ b/spice-gtk.spec
@@ -7,7 +7,7 @@
 Name: spice-gtk
 Version: 0.27
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: A GTK+ widget for SPICE clients
 Group: System Environment/Libraries
@@ -21,6 +21,7 @@ Patch0003: 0003-channel-do-not-enter-channel-iterate-on-early-error.patch
 Patch0004: 0004-channel-introduce-SPICE_CHANNEL_STATE_RECONNECTING.patch
 Patch0005: 0005-channel-throw-auth-error-when-coroutine-ends.patch
 Patch0006: 0006-channel-clear-channel-error-after-auth-error.patch
+Patch0007: 0007-usbredir-prevent-crash-when-calling-without-host.patch
 BuildRequires: intltool
 BuildRequires: gtk2-devel >= 2.14
@@ -156,6 +157,7 @@ find . -name '*.stamp' | xargs touch
 %patch0004 -p1
 %patch0005 -p1
 %patch0006 -p1
+%patch0007 -p1
 popd
 %if %{with_gtk3}
@@ -277,6 +279,9 @@ rm -rf %{buildroot}%{_datadir}/pkgconfig/spice-protocol.pc
 %{_bindir}/spicy-stats
 %changelog
+* Mon Dec 22 2014 Marc-André Lureau 0.27-3
+- Fix usbredir crash on disconnection.
+
 * Tue Dec 16 2014 Marc-André Lureau 0.27-2
 - Fix authentication error handling regression.
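Review bot: The new `if (!priv->host) return;` guard in usbredir_write_flush_callback (the embedded gtk/channel-usbredir.c hunk of 0007-usbredir-prevent-crash-when-calling-without-host.patch) carries no comment saying why host can be NULL at this point, so it reads as dead defensive code that a later cleanup could remove and bring back the NULL dereference. The backtrace in the patch description shows usbredirhost_open_full() invoking the flush callback while spice_usbredir_channel_set_context() is still running, presumably before priv->host has been assigned; a comment above the check such as `/* usbredirhost_open_full() may call us before priv->host is set */` would record that. The read and write callbacks registered in the same call are not visible here, so it is worth confirming they cannot reach a NULL priv->host on the same reset path. The body of usbredir_write_flush_callback starts outside the hunk.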