Fix usbredir crash on disconnection

This commit is contained in:
Marc-André Lureau 2014-12-22 13:14:54 +01:00
parent 029fd8e852
commit 472b37edf6
2 changed files with 76 additions and 1 deletions

View File

@ -0,0 +1,70 @@
From 5b252b0f499601bcf387c02a4dd35d27ed34c07c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Sat, 20 Dec 2014 01:03:09 +0100
Subject: [PATCH spice-gtk] usbredir: prevent crash when calling without host
Quite annoyingly, usbredir doesn't have public functions arguments
preconditions, and will weirdly run the flush callback during
initialization.
With 201a8c2 change, the channel state is kept as it is when calling
reset. This will result in the following crash that was avoided before
thanks to a precondition on the channel to be ready. Adding a further
precondition check on priv->host != NULL solves the following crash
during reset():
Program received signal SIGSEGV, Segmentation fault.
usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
868 return
usbredirparser_do_write(host->parser);
(gdb) bt
#0 0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at
#usbredirhost.c:868
#1 0x00007fffc81d463b in
#usbredir_write_flush_callback (user_data=0x2d95250) at
#channel-usbredir.c:469
#2 0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,
#usb_dev_handle=0x0, log_func=<optimized out>,
#read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,
#write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,
#flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,
#alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,
#lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,
#unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,
#free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,
#func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk
#0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
#3 0x00007fffc81d3b22 in
#spice_usbredir_channel_set_context (channel=0x2d95250
#[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
#4 0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250
#[SpiceUsbredirChannel], migrating=0)
at channel-usbredir.c:125
#5 0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250
[SpiceUsbredirChannel], migrating=0)
at spice-channel.c:2688
#6 0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250
[SpiceUsbredirChannel]) at spice-channel.c:2706
#7 0x00007fffc81b7559 in
spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490
---
gtk/channel-usbredir.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
index 5238566..b1a91fb 100644
--- a/gtk/channel-usbredir.c
+++ b/gtk/channel-usbredir.c
@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
SPICE_CHANNEL_STATE_READY)
return;
+ if (!priv->host)
+ return;
+
usbredirhost_write_guest_data(priv->host);
}
--
2.1.0

View File

@ -7,7 +7,7 @@
Name: spice-gtk
Version: 0.27
Release: 2%{?dist}
Release: 3%{?dist}
Summary: A GTK+ widget for SPICE clients
Group: System Environment/Libraries
@ -21,6 +21,7 @@ Patch0003: 0003-channel-do-not-enter-channel-iterate-on-early-error.patch
Patch0004: 0004-channel-introduce-SPICE_CHANNEL_STATE_RECONNECTING.patch
Patch0005: 0005-channel-throw-auth-error-when-coroutine-ends.patch
Patch0006: 0006-channel-clear-channel-error-after-auth-error.patch
Patch0007: 0007-usbredir-prevent-crash-when-calling-without-host.patch
BuildRequires: intltool
BuildRequires: gtk2-devel >= 2.14
@ -156,6 +157,7 @@ find . -name '*.stamp' | xargs touch
%patch0004 -p1
%patch0005 -p1
%patch0006 -p1
%patch0007 -p1
popd
%if %{with_gtk3}
@ -277,6 +279,9 @@ rm -rf %{buildroot}%{_datadir}/pkgconfig/spice-protocol.pc
%{_bindir}/spicy-stats
%changelog
* Mon Dec 22 2014 Marc-André Lureau <marcandre.lureau@redhat.com> 0.27-3
- Fix usbredir crash on disconnection.
* Tue Dec 16 2014 Marc-André Lureau <marcandre.lureau@redhat.com> 0.27-2
- Fix authentication error handling regression.