
No commits in common. "imports/c8s/spice-gtk-0.38-4.el8" and "c8" have entirely different histories.

16 changed files with 951 additions and 1 deletions


@ -0,0 +1,33 @@
From 20eebc549da508c82e139120b577b047c76964c3 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Wed, 11 Nov 2020 14:12:19 +0200
Subject: [PATCH 17/22] empty_cd_clicked_cb: g_free basename
Fix the following static analyzer warning:
src/usb-device-widget.c:224: leaked_storage: Failing to save or free
storage allocated by "g_path_get_basename(filename)" leaks it.
Signed-off-by: Uri Lublin <uril@redhat.com>
---
src/usb-device-widget.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/usb-device-widget.c b/src/usb-device-widget.c
index 257e9e1..0ff4e52 100644
--- a/src/usb-device-widget.c
+++ b/src/usb-device-widget.c
@@ -220,8 +220,10 @@ empty_cd_clicked_cb(GtkToggleButton *toggle, gpointer user_data)
rc = spice_usb_device_manager_create_shared_cd_device(priv->manager, filename, &err);
if (!rc && err != NULL) {
+ const gchar *basename = g_path_get_basename(filename);
gchar *err_msg = g_strdup_printf(_("shared CD %s, %s"),
- g_path_get_basename(filename), err->message);
+ basename, err->message);
+ g_free((gpointer)basename);
SPICE_DEBUG("Failed to create %s", err_msg);
spice_usb_device_widget_add_err_msg(self, err_msg);
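Review bot: `basename` is declared `const gchar *` and then has the qualifier cast away again in `g_free((gpointer)basename)`. g_path_get_basename() returns a newly allocated string that the caller owns, so `gchar *basename = g_path_get_basename(filename);` followed by a plain `g_free(basename);` expresses the ownership without a cast. The local name can also shadow the libc `basename()` function where that is declared, so a name such as `base` would be less surprising. The body of empty_cd_clicked_cb continues past the hunk, so whether `err_msg` and `err` are released afterwards cannot be checked here.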
--
2.28.0


@ -0,0 +1,44 @@
From 032ca202f839fe1c49cddfd2b0459f9fecc23c86 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Wed, 11 Nov 2020 20:03:57 +0200
Subject: [PATCH 18/22] spice_usbutil_parse_usbids: verify at least one vendor
and product
Fixes the following clang warning:
src/usbutil.c:148:52: warning: Use of zero-allocated memory
...
product_info[product_count].product_id = id;
^
146| while (isspace(line[0]))
147| line++;
148|-> product_info[product_count].product_id = id;
149| snprintf(product_info[product_count].name,
150| PRODUCT_NAME_LEN, "%s", line);
Signed-off-by: Uri Lublin <uril@redhat.com>
---
src/usbutil.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/usbutil.c b/src/usbutil.c
index 7d7f38a..f29302b 100644
--- a/src/usbutil.c
+++ b/src/usbutil.c
@@ -113,6 +113,13 @@ static gboolean spice_usbutil_parse_usbids(gchar *path)
usbids_vendor_count++;
}
+ if (usbids_vendor_info == 0 || product_count == 0) {
+ usbids_vendor_count = -1;
+ g_strfreev(lines);
+ g_free(contents);
+ return FALSE;
+ }
+
usbids_vendor_info = g_new(usb_vendor_info, usbids_vendor_count);
product_info = g_new(usb_product_info, product_count);
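Review bot: The new guard tests `usbids_vendor_info == 0`, the pointer that `g_new` only assigns two lines further down, instead of the counter `usbids_vendor_count` that the loop above increments. If that pointer is still NULL at this point (it looks that way from the hunk, but its earlier state is outside it), the branch is taken for every input and the parser always returns FALSE; if it is non-NULL, a zero vendor count is never caught. The subject line states the intent as at least one vendor and one product, which reads as `if (usbids_vendor_count == 0 || product_count == 0) {`. spice_usbutil_parse_usbids starts and ends outside the hunk.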
--
2.28.0


@ -0,0 +1,42 @@
From bb4999f6e450aa1b1270ade7113966869fc4ed27 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Wed, 11 Nov 2020 20:34:09 +0200
Subject: [PATCH 19/22] sink_event_probe: do not keep duration in a variable
If not ENABLE_RECORDER, then duration is assigned a value
but is never used - as the compiler optimizes it out.
Fixes the following clang warning:
src/channel-display-gst.c:443:21: warning: Value stored to
'duration' during its initialization is never read
Signed-off-by: Uri Lublin <uril@redhat.com>
---
src/channel-display-gst.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/channel-display-gst.c b/src/channel-display-gst.c
index c58a90f..36db3a3 100644
--- a/src/channel-display-gst.c
+++ b/src/channel-display-gst.c
@@ -439,7 +439,6 @@ sink_event_probe(GstPad *pad, GstPadProbeInfo *info, gpointer data)
if (l) {
SpiceGstFrame *gstframe = l->data;
const SpiceFrame *frame = gstframe->encoded_frame;
- int64_t duration = g_get_monotonic_time() - frame->creation_time;
/* Note that queue_len (the length of the queue prior to adding
* this frame) is crucial to correctly interpret the decoding time:
* - Less than MAX_DECODED_FRAMES means nothing blocked the
@@ -450,7 +449,8 @@ sink_event_probe(GstPad *pad, GstPadProbeInfo *info, gpointer data)
record(frames_stats,
"frame mm_time %u size %u creation time %" PRId64
" decoded time %" PRId64 " queue %u before %u",
- frame->mm_time, frame->size, frame->creation_time, duration,
+ frame->mm_time, frame->size, frame->creation_time,
+ g_get_monotonic_time() - frame->creation_time,
decoder->decoding_queue->length, gstframe->queue_len);
if (!decoder->appsink) {
--
2.28.0


@ -0,0 +1,26 @@
From df47365c32711bae5dfa163f8eba7b0f741326d6 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Thu, 19 Nov 2020 19:30:54 +0200
Subject: [PATCH 20/22] mark_false_event_id is guint, assign 0 to it not FALSE
Signed-off-by: Uri Lublin <uril@redhat.com>
---
src/channel-display.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/channel-display.c b/src/channel-display.c
index 023baa1..f52ef12 100644
--- a/src/channel-display.c
+++ b/src/channel-display.c
@@ -1971,7 +1971,7 @@ static void display_handle_surface_create(SpiceChannel *channel, SpiceMsgIn *in)
create_canvas(channel, surface);
if (c->mark_false_event_id != 0) {
g_source_remove(c->mark_false_event_id);
- c->mark_false_event_id = FALSE;
+ c->mark_false_event_id = 0;
}
} else {
surface->primary = false;
--
2.28.0


@ -0,0 +1,33 @@
From 35f6926328cd415f6ba24efe49c3f990e44a8948 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Sun, 22 Nov 2020 16:21:00 +0200
Subject: [PATCH 21/22] usb-backend: create_emulated_device: assert address <
32
This may fix the following static analyzer issue:
src/usb-backend.c:1507: large_shift: In expression "1 << address", left
shifting by more than 31 bits has undefined behavior.
The shift amount, "address", is 32.
Signed-off-by: Uri Lublin <uril@redhat.com>
---
src/usb-backend.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/usb-backend.c b/src/usb-backend.c
index 857488e..c76d576 100644
--- a/src/usb-backend.c
+++ b/src/usb-backend.c
@@ -1482,6 +1482,9 @@ spice_usb_backend_create_emulated_device(SpiceUsbBackend *be,
}
}
+ // for static analyzers: it is already checked above
+ g_assert(address < 32);
+
dev = g_new0(SpiceUsbDevice, 1);
dev->device_info.bus = BUS_NUMBER_FOR_EMULATED_USB;
dev->device_info.address = address;
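Review bot: `g_assert(address < 32)` still admits `address == 31`, and the expression the analyzer quotes in the description is `1 << address` with a signed `int` literal, where a shift by 31 moves a bit into the sign position. Writing that expression (reported at line 1507, outside this hunk) as `1u << address` would cover the remaining case. The assertion itself aborts the client if the invariant ever breaks and is compiled out under `G_DISABLE_ASSERT`, so it documents the earlier check rather than enforcing it. The check the comment refers to as "already checked above" is not visible in the hunk.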
--
2.28.0


@ -0,0 +1,48 @@
From 1068e4d0e39f3d8f3390102863a02eaed7ee81b1 Mon Sep 17 00:00:00 2001
From: Uri Lublin <uril@redhat.com>
Date: Mon, 23 Nov 2020 15:38:43 +0200
Subject: [PATCH 22/22] spice-utils: allocate ctx after g_return_val_if_fail
Fix the following issue:
Error: RESOURCE_LEAK
src/spice-util.c:235: alloc_fn: Storage is returned
from allocation function "whc_new".
src/spice-util.c:235: var_assign: Assigning: "ctx" =
storage returned from "whc_new(instance_obj, gobject)".
src/spice-util.c:237: leaked_storage: Variable "ctx"
going out of scope leaks the storage it points to.
235| WeakHandlerCtx *ctx = whc_new (instance_obj, gobject);
236|
237|-> g_return_val_if_fail (G_TYPE_CHECK_INSTANCE (instance), 0);
238| g_return_val_if_fail (detailed_signal != NULL, 0);
239| g_return_val_if_fail (c_handler != NULL, 0);
Signed-off-by: Uri Lublin <uril@redhat.com>
---
src/spice-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/spice-util.c b/src/spice-util.c
index 1e49982..d0c56ba 100644
--- a/src/spice-util.c
+++ b/src/spice-util.c
@@ -231,7 +231,6 @@ gulong spice_g_signal_connect_object (gpointer instance,
GConnectFlags connect_flags)
{
GObject *instance_obj = G_OBJECT (instance);
- WeakHandlerCtx *ctx = whc_new (instance_obj, gobject);
g_return_val_if_fail (G_TYPE_CHECK_INSTANCE (instance), 0);
g_return_val_if_fail (detailed_signal != NULL, 0);
@@ -240,6 +239,7 @@ gulong spice_g_signal_connect_object (gpointer instance,
g_return_val_if_fail (
(connect_flags & ~(G_CONNECT_AFTER|G_CONNECT_SWAPPED)) == 0, 0);
+ WeakHandlerCtx *ctx = whc_new (instance_obj, gobject);
if (connect_flags & G_CONNECT_SWAPPED)
ctx->closure = g_cclosure_new_object_swap (c_handler, gobject);
else
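Review bot: `GObject *instance_obj = G_OBJECT (instance);` on the first line of the body still runs before `G_TYPE_CHECK_INSTANCE (instance)` is tested, so the cast is applied to a pointer the preconditions have not vetted yet. Provided nothing in the lines between the two hunks uses `instance_obj`, moving that initialisation down to sit directly above `WeakHandlerCtx *ctx = whc_new (instance_obj, gobject);` would keep every use of `instance` behind the guards. The function continues past the end of the second hunk.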
--
2.28.0


@ -0,0 +1,118 @@
From 1defa5c0f0107b8496b7696408aad064c65947a5 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Tue, 17 Mar 2020 21:27:19 +0000
Subject: [PATCH] channel-main: Fix indentation
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
---
src/channel-main.c | 36 +++++++++++++++++++-----------------
1 file changed, 19 insertions(+), 17 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 1e85a36..0a0b9ca 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -283,13 +283,13 @@ static void spice_main_get_property(GObject *object,
switch (prop_id) {
case PROP_MOUSE_MODE:
g_value_set_int(value, c->mouse_mode);
- break;
+ break;
case PROP_AGENT_CONNECTED:
g_value_set_boolean(value, c->agent_connected);
- break;
+ break;
case PROP_AGENT_CAPS_0:
g_value_set_int(value, c->agent_caps[0]);
- break;
+ break;
case PROP_DISPLAY_DISABLE_WALLPAPER:
g_value_set_boolean(value, c->display_disable_wallpaper);
break;
@@ -312,8 +312,8 @@ static void spice_main_get_property(GObject *object,
g_value_set_int(value, spice_main_get_max_clipboard(self));
break;
default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
- break;
+ G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec);
+ break;
}
}
@@ -346,8 +346,8 @@ static void spice_main_set_property(GObject *gobject, guint prop_id,
spice_main_set_max_clipboard(self, g_value_get_int(value));
break;
default:
- G_OBJECT_WARN_INVALID_PROPERTY_ID(gobject, prop_id, pspec);
- break;
+ G_OBJECT_WARN_INVALID_PROPERTY_ID(gobject, prop_id, pspec);
+ break;
}
}
@@ -2051,9 +2051,10 @@ static void main_agent_handle_msg(SpiceChannel *channel,
g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD_SELECTION], 0, selection,
cb->type, cb->data, msg->size - sizeof(VDAgentClipboard));
- if (selection == VD_AGENT_CLIPBOARD_SELECTION_CLIPBOARD)
- g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD], 0,
- cb->type, cb->data, msg->size - sizeof(VDAgentClipboard));
+ if (selection == VD_AGENT_CLIPBOARD_SELECTION_CLIPBOARD) {
+ g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD], 0,
+ cb->type, cb->data, msg->size - sizeof(VDAgentClipboard));
+ }
break;
}
case VD_AGENT_CLIPBOARD_GRAB:
@@ -2075,10 +2076,11 @@ static void main_agent_handle_msg(SpiceChannel *channel,
}
g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD_SELECTION_GRAB], 0, selection,
- (guint8*)payload, msg->size / sizeof(uint32_t), &ret);
- if (selection == VD_AGENT_CLIPBOARD_SELECTION_CLIPBOARD)
+ (guint8*)payload, msg->size / sizeof(uint32_t), &ret);
+ if (selection == VD_AGENT_CLIPBOARD_SELECTION_CLIPBOARD) {
g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD_GRAB], 0,
- payload, msg->size / sizeof(uint32_t), &ret);
+ payload, msg->size / sizeof(uint32_t), &ret);
+ }
break;
}
case VD_AGENT_CLIPBOARD_REQUEST:
@@ -2086,11 +2088,11 @@ static void main_agent_handle_msg(SpiceChannel *channel,
gboolean ret;
VDAgentClipboardRequest *req = payload;
g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD_SELECTION_REQUEST], 0, selection,
- req->type, &ret);
+ req->type, &ret);
if (selection == VD_AGENT_CLIPBOARD_SELECTION_CLIPBOARD)
g_coroutine_signal_emit(self, signals[SPICE_MAIN_CLIPBOARD_REQUEST], 0,
- req->type, &ret);
+ req->type, &ret);
break;
}
case VD_AGENT_CLIPBOARD_RELEASE:
@@ -2333,7 +2335,7 @@ static gboolean migrate_connect(gpointer data)
host = (char*)info->host_data;
if (info->cert_subject_size == 0 ||
- strlen((const char*)info->cert_subject_data) == 0) {
+ strlen((const char*)info->cert_subject_data) == 0) {
/* only verify hostname if no cert subject */
g_object_set(mig->session, "verify", SPICE_SESSION_VERIFY_HOSTNAME, NULL);
} else {
@@ -2690,7 +2692,7 @@ void spice_main_update_display(SpiceMainChannel *channel, int id,
* Since: 0.35
**/
void spice_main_channel_update_display(SpiceMainChannel *channel, int id, int x, int y, int width,
- int height, gboolean update)
+ int height, gboolean update)
{
SpiceMainChannelPrivate *c;
--
2.28.0


@ -0,0 +1,40 @@
From 3c933f53bfa9b679750f5d0bbdc7707134d88598 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Fri, 20 Mar 2020 05:19:49 +0000
Subject: [PATCH] channel-main: Fix indentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Some mistake in recent patch, thanks to Marc-André's eagle eyes.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
---
src/channel-main.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index d7669e8..6a1bb40 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -283,13 +283,13 @@ static void spice_main_get_property(GObject *object,
switch (prop_id) {
case PROP_MOUSE_MODE:
g_value_set_int(value, c->mouse_mode);
- break;
+ break;
case PROP_AGENT_CONNECTED:
g_value_set_boolean(value, c->agent_connected);
- break;
+ break;
case PROP_AGENT_CAPS_0:
g_value_set_int(value, c->agent_caps[0]);
- break;
+ break;
case PROP_DISPLAY_DISABLE_WALLPAPER:
g_value_set_boolean(value, c->display_disable_wallpaper);
break;
--
2.28.0


@ -0,0 +1,42 @@
From 41c8a60e5e9451080863d2f87bb0f5007a71cc34 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Tue, 4 Aug 2020 15:50:03 +0100
Subject: [PATCH] channel-main: Remove unused declaration
OldRedMigrationBegin is not used. Last usage removed in
commit f944ad6935f12efe47f78cbde1c5e6db31442597
More cleanup for old protocol support
Support for protocol version 1 was dropped in commit f77a1d50.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
---
src/channel-main.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index e944771..3dd94a2 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -2326,16 +2326,6 @@ static gboolean main_migrate_handshake_done(gpointer data)
return FALSE;
}
-#ifdef __GNUC__
-typedef struct __attribute__ ((__packed__)) OldRedMigrationBegin {
-#else
-typedef struct __declspec(align(1)) OldRedMigrationBegin {
-#endif
- uint16_t port;
- uint16_t sport;
- char host[0];
-} OldRedMigrationBegin;
-
/* main context */
static gboolean migrate_connect(gpointer data)
{
--
2.28.0


@ -0,0 +1,26 @@
From 8d60d4fc3fe0bd620f216091b24bbb8b72bb055a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Mon, 17 Aug 2020 14:36:05 +0400
Subject: [PATCH] main: add a few missing vdagent capability descriptions
Acked-by: Frediano Ziglio <fziglio@redhat.com>
---
src/channel-main.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/channel-main.c b/src/channel-main.c
index 3dd94a2..671716a 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -222,6 +222,8 @@ static const char *agent_caps[] = {
[ VD_AGENT_CAP_AUDIO_VOLUME_SYNC ] = "volume-sync",
[ VD_AGENT_CAP_MONITORS_CONFIG_POSITION ] = "monitors config position",
[ VD_AGENT_CAP_FILE_XFER_DISABLED ] = "file transfer disabled",
+ [ VD_AGENT_CAP_FILE_XFER_DETAILED_ERRORS ] = "file transfer detailed errors",
+ [ VD_AGENT_CAP_GRAPHICS_DEVICE_INFO ] = "graphics device info",
[ VD_AGENT_CAP_CLIPBOARD_NO_RELEASE_ON_REGRAB ] = "no release on re-grab",
[ VD_AGENT_CAP_CLIPBOARD_GRAB_SERIAL ] = "clipboard grab serial",
};
--
2.28.0


@ -0,0 +1,39 @@
From e521ddee98961bb30a7a3d93c6c01dddb7da3662 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Tue, 15 Sep 2020 13:09:46 +0400
Subject: [PATCH] main: add stricter pre-condition on display id value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
---
src/channel-main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 671716a..5fcf8e8 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -2723,7 +2723,7 @@ void spice_main_channel_update_display(SpiceMainChannel *channel, int id, int x,
c = SPICE_MAIN_CHANNEL(channel)->priv;
- g_return_if_fail(id < SPICE_N_ELEMENTS(c->display));
+ g_return_if_fail(id >= 0 && id < SPICE_N_ELEMENTS(c->display));
SpiceDisplayConfig display = {
.x = x, .y = y, .width = width, .height = height,
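Review bot: The two guards in this patch bound the same array with different macros, `SPICE_N_ELEMENTS(c->display)` here and `G_N_ELEMENTS(c->display)` in the second hunk (spice_main_channel_update_display_enabled). Using one macro in both places would make it obvious that the limits are identical. Both conditions also still compare a signed `int id` with what is presumably an unsigned element count, which may warn under `-Wsign-compare`; an explicit `(guint) id < G_N_ELEMENTS(c->display)` after the `id >= 0` test would make the conversion deliberate. Both functions extend outside their hunks.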
@@ -3040,7 +3040,7 @@ void spice_main_channel_update_display_enabled(SpiceMainChannel *channel, int id
c->display[i].display_state = display_state;
}
} else {
- g_return_if_fail(id < G_N_ELEMENTS(c->display));
+ g_return_if_fail(id >= 0 && id < G_N_ELEMENTS(c->display));
if (c->display[id].display_state == display_state)
return;
c->display[id].display_state = display_state;
--
2.28.0


@ -0,0 +1,273 @@
From 8f1147b4119f920b69eb9c577121cbd5ac1e1d70 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 10 Aug 2020 15:27:09 +0100
Subject: [PATCH 28/31] channel-main: Use heap and reference counting for
spice_migrate
Don't use the stack, it will potentially disappear (see mig
variable in main_migrate_connect).
For instance channels use this structure when they are freed. As
the free is done in delayed mode the initial coroutine could be
ended releasing the stack and causing a segmentation fault.
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1867564.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/channel-main.c | 110 ++++++++++++++++++++++++++++++++-------------
1 file changed, 78 insertions(+), 32 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 79fe63c..8caf727 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -123,6 +123,7 @@ struct spice_migrate {
struct coroutine *from;
SpiceMigrationDstInfo *info;
SpiceSession *session;
+ int ref_count;
guint nchannels;
SpiceChannel *src_channel;
SpiceChannel *dst_channel;
@@ -175,8 +176,8 @@ static void channel_set_handlers(SpiceChannelClass *klass);
static void agent_send_msg_queue(SpiceMainChannel *channel);
static void agent_free_msg_queue(SpiceMainChannel *channel);
static void migrate_channel_event_cb(SpiceChannel *channel, SpiceChannelEvent event,
- gpointer data);
-static gboolean main_migrate_handshake_done(gpointer data);
+ spice_migrate *mig);
+static gboolean main_migrate_handshake_done(spice_migrate *mig);
static void spice_main_channel_send_migration_handshake(SpiceChannel *channel);
static void file_xfer_flushed(SpiceMainChannel *channel, gboolean success);
static void file_xfer_read_async_cb(GObject *source_object,
@@ -193,6 +194,7 @@ static void file_transfer_operation_task_finished(SpiceFileTransferTask *xfer_ta
GError *error,
gpointer userdata);
static void file_transfer_operation_send_progress(SpiceFileTransferTask *xfer_task);
+static void spice_migrate_unref(spice_migrate *mig);
/* ------------------------------------------------------------------ */
@@ -387,6 +389,7 @@ static void spice_main_channel_finalize(GObject *obj)
{
SpiceMainChannelPrivate *c = SPICE_MAIN_CHANNEL(obj)->priv;
+ spice_migrate_unref(c->migrate_data);
g_free(c->agent_msg_data);
agent_free_msg_queue(SPICE_MAIN_CHANNEL(obj));
@@ -2242,11 +2245,50 @@ static void main_handle_agent_token(SpiceChannel *channel, SpiceMsgIn *in)
agent_send_msg_queue(SPICE_MAIN_CHANNEL(channel));
}
+static spice_migrate*
+spice_migrate_ref(spice_migrate *mig)
+{
+ if (mig != NULL) {
+ mig->ref_count++;
+ }
+ return mig;
+}
+
+static void
+spice_migrate_unref(spice_migrate *mig)
+{
+ if (mig != NULL && --mig->ref_count == 0) {
+ g_free(mig);
+ }
+}
+
+static inline void
+spice_migrate_idle_add(gboolean (*func)(spice_migrate *mig), spice_migrate *mig)
+{
+ g_idle_add_full(G_PRIORITY_DEFAULT_IDLE, (GSourceFunc) func, spice_migrate_ref(mig),
+ (GDestroyNotify) spice_migrate_unref);
+}
+
+static void
+spice_migrate_closure_unref(spice_migrate *mig, GClosure *closure)
+{
+ spice_migrate_unref(mig);
+}
+
+static gulong
+spice_migrate_signal_connect(gpointer instance, const gchar *detailed_signal,
+ GCallback func, spice_migrate *mig)
+{
+ return g_signal_connect_data(instance, detailed_signal, func, spice_migrate_ref(mig),
+ (GClosureNotify) spice_migrate_closure_unref,
+ (GConnectFlags) 0);
+}
+
/* main context */
-static void migrate_channel_new_cb(SpiceSession *s, SpiceChannel *channel, gpointer data)
+static void migrate_channel_new_cb(SpiceSession *s, SpiceChannel *channel, spice_migrate *mig)
{
- g_signal_connect(channel, "channel-event",
- G_CALLBACK(migrate_channel_event_cb), data);
+ spice_migrate_signal_connect(channel, "channel-event",
+ G_CALLBACK(migrate_channel_event_cb), mig);
}
static void
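Review bot: Reference counting keeps the `spice_migrate` block itself alive, but `src_channel`, `dst_channel` and `session` inside it remain plain pointers, and nothing in this patch ties their lifetime to `mig`. An idle source queued through `spice_migrate_idle_add` can therefore run with a valid `mig` whose `dst_channel` is already gone (main_migrate_handshake_done dereferences `mig->dst_channel` on its first line); whether that can actually happen depends on channel lifetime rules outside these hunks. Clearing those fields through weak pointers, or at least a comment on the struct stating who guarantees the objects outlive every holder of `mig`, would make the new ownership model checkable. Separately, `ref_count` is a plain `int` changed with `++`/`--`, which is safe only if every ref and unref happens on one thread; the `/* main context */` and `/* coroutine context */` annotations suggest so, and a comment on the field such as `/* not atomic: main loop thread only */` should state it once confirmed.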
@@ -2267,7 +2309,7 @@ static void spice_main_channel_send_migration_handshake(SpiceChannel *channel)
if (!spice_channel_test_capability(channel, SPICE_MAIN_CAP_SEAMLESS_MIGRATE)) {
c->migrate_data->do_seamless = false;
- g_idle_add(main_migrate_handshake_done, c->migrate_data);
+ spice_migrate_idle_add(main_migrate_handshake_done, c->migrate_data);
} else {
SpiceMsgcMainMigrateDstDoSeamless msg_data;
SpiceMsgOut *msg_out;
@@ -2282,13 +2324,12 @@ static void spice_main_channel_send_migration_handshake(SpiceChannel *channel)
/* main context */
static void migrate_channel_event_cb(SpiceChannel *channel, SpiceChannelEvent event,
- gpointer data)
+ spice_migrate *mig)
{
- spice_migrate *mig = data;
SpiceChannelPrivate *c = SPICE_CHANNEL(channel)->priv;
g_return_if_fail(mig->nchannels > 0);
- g_signal_handlers_disconnect_by_func(channel, migrate_channel_event_cb, data);
+ g_signal_handlers_disconnect_by_func(channel, migrate_channel_event_cb, mig);
switch (event) {
case SPICE_CHANNEL_OPENED:
@@ -2299,7 +2340,8 @@ static void migrate_channel_event_cb(SpiceChannel *channel, SpiceChannelEvent ev
c->state = SPICE_CHANNEL_STATE_MIGRATION_HANDSHAKE;
mig->dst_channel = channel;
- main_priv->migrate_data = mig;
+ spice_migrate_unref(main_priv->migrate_data);
+ main_priv->migrate_data = spice_migrate_ref(mig);
} else {
c->state = SPICE_CHANNEL_STATE_MIGRATING;
mig->nchannels--;
@@ -2332,9 +2374,8 @@ static void migrate_channel_event_cb(SpiceChannel *channel, SpiceChannelEvent ev
}
/* main context */
-static gboolean main_migrate_handshake_done(gpointer data)
+static gboolean main_migrate_handshake_done(spice_migrate *mig)
{
- spice_migrate *mig = data;
SpiceChannelPrivate *c = SPICE_CHANNEL(mig->dst_channel)->priv;
g_return_val_if_fail(c->channel_type == SPICE_CHANNEL_MAIN, FALSE);
@@ -2348,9 +2389,8 @@ static gboolean main_migrate_handshake_done(gpointer data)
}
/* main context */
-static gboolean migrate_connect(gpointer data)
+static gboolean migrate_connect(spice_migrate *mig)
{
- spice_migrate *mig = data;
SpiceChannelPrivate *c;
int port, sport;
const char *host;
@@ -2393,8 +2433,8 @@ static gboolean migrate_connect(gpointer data)
g_object_set(mig->session, "host", host, NULL);
spice_session_set_port(mig->session, port, FALSE);
spice_session_set_port(mig->session, sport, TRUE);
- g_signal_connect(mig->session, "channel-new",
- G_CALLBACK(migrate_channel_new_cb), mig);
+ spice_migrate_signal_connect(mig->session, "channel-new",
+ G_CALLBACK(migrate_channel_new_cb), mig);
g_signal_emit(mig->src_channel, signals[SPICE_MIGRATION_STARTED], 0,
mig->session);
@@ -2414,50 +2454,56 @@ static void main_migrate_connect(SpiceChannel *channel,
{
SpiceMainChannelPrivate *main_priv = SPICE_MAIN_CHANNEL(channel)->priv;
int reply_type = SPICE_MSGC_MAIN_MIGRATE_CONNECT_ERROR;
- spice_migrate mig = { 0, };
+ spice_migrate *mig;
SpiceMsgOut *out;
SpiceSession *session;
- mig.src_channel = channel;
- mig.info = dst_info;
- mig.from = coroutine_self();
- mig.do_seamless = do_seamless;
- mig.src_mig_version = src_mig_version;
+ mig = spice_new0(spice_migrate, 1);
+ mig->ref_count = 1;
+ mig->src_channel = channel;
+ mig->info = dst_info;
+ mig->from = coroutine_self();
+ mig->do_seamless = do_seamless;
+ mig->src_mig_version = src_mig_version;
CHANNEL_DEBUG(channel, "migrate connect");
session = spice_channel_get_session(channel);
- mig.session = spice_session_new_from_session(session);
- if (mig.session == NULL)
+ mig->session = spice_session_new_from_session(session);
+ if (mig->session == NULL) {
goto end;
- if (!spice_session_set_migration_session(session, mig.session))
+ }
+ if (!spice_session_set_migration_session(session, mig->session)) {
goto end;
+ }
- main_priv->migrate_data = &mig;
+ spice_migrate_unref(main_priv->migrate_data);
+ main_priv->migrate_data = spice_migrate_ref(mig);
/* no need to track idle, call is sync for this coroutine */
- g_idle_add(migrate_connect, &mig);
+ spice_migrate_idle_add(migrate_connect, mig);
/* switch to main loop and wait for connections */
coroutine_yield(NULL);
- if (mig.nchannels != 0) {
+ if (mig->nchannels != 0) {
CHANNEL_DEBUG(channel, "migrate failed: some channels failed to connect");
spice_session_abort_migration(session);
} else {
- if (mig.do_seamless) {
+ if (mig->do_seamless) {
SPICE_DEBUG("migration (seamless): connections all ok");
reply_type = SPICE_MSGC_MAIN_MIGRATE_CONNECTED_SEAMLESS;
} else {
SPICE_DEBUG("migration (semi-seamless): connections all ok");
reply_type = SPICE_MSGC_MAIN_MIGRATE_CONNECTED;
}
- spice_session_start_migrating(session, mig.do_seamless);
+ spice_session_start_migrating(session, mig->do_seamless);
}
end:
CHANNEL_DEBUG(channel, "migrate connect reply %d", reply_type);
out = spice_msg_out_new(channel, reply_type);
spice_msg_out_send(out);
+ spice_migrate_unref(mig);
}
/* coroutine context */
@@ -2489,7 +2535,7 @@ static void main_handle_migrate_dst_seamless_ack(SpiceChannel *channel, SpiceMsg
g_return_if_fail(c->state == SPICE_CHANNEL_STATE_MIGRATION_HANDSHAKE);
main_priv->migrate_data->do_seamless = true;
- g_idle_add(main_migrate_handshake_done, main_priv->migrate_data);
+ spice_migrate_idle_add(main_migrate_handshake_done, main_priv->migrate_data);
}
static void main_handle_migrate_dst_seamless_nack(SpiceChannel *channel, SpiceMsgIn *in)
@@ -2501,7 +2547,7 @@ static void main_handle_migrate_dst_seamless_nack(SpiceChannel *channel, SpiceMs
g_return_if_fail(c->state == SPICE_CHANNEL_STATE_MIGRATION_HANDSHAKE);
main_priv->migrate_data->do_seamless = false;
- g_idle_add(main_migrate_handshake_done, main_priv->migrate_data);
+ spice_migrate_idle_add(main_migrate_handshake_done, main_priv->migrate_data);
}
/* main context */
--
2.28.0


@ -0,0 +1,71 @@
From ab42be2b00d12d0bc98c6ddea08a7f969e83b2ac Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Mon, 10 Aug 2020 15:35:26 +0100
Subject: [PATCH 29/31] channel-main: Copy SpiceMigrationDstInfo into
spice_migrate
The message could disappear while the structure is used.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/channel-main.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 8caf727..5f81975 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -121,7 +121,7 @@ struct _SpiceMainChannelPrivate {
struct spice_migrate {
struct coroutine *from;
- SpiceMigrationDstInfo *info;
+ SpiceMigrationDstInfo info;
SpiceSession *session;
int ref_count;
guint nchannels;
@@ -2258,6 +2258,8 @@ static void
spice_migrate_unref(spice_migrate *mig)
{
if (mig != NULL && --mig->ref_count == 0) {
+ g_free(mig->info.host_data);
+ g_free(mig->info.cert_subject_data);
g_free(mig);
}
}
@@ -2396,7 +2398,6 @@ static gboolean migrate_connect(spice_migrate *mig)
const char *host;
g_return_val_if_fail(mig != NULL, FALSE);
- g_return_val_if_fail(mig->info != NULL, FALSE);
g_return_val_if_fail(mig->nchannels == 0, FALSE);
c = SPICE_CHANNEL(mig->src_channel)->priv;
g_return_val_if_fail(c != NULL, FALSE);
@@ -2404,7 +2405,7 @@ static gboolean migrate_connect(spice_migrate *mig)
spice_session_set_migration_state(mig->session, SPICE_SESSION_MIGRATION_CONNECTING);
- SpiceMigrationDstInfo *info = mig->info;
+ SpiceMigrationDstInfo *info = &mig->info;
SPICE_DEBUG("migrate_begin %u %s %d %d",
info->host_size, info->host_data, info->port, info->sport);
port = info->port;
@@ -2461,7 +2462,13 @@ static void main_migrate_connect(SpiceChannel *channel,
mig = spice_new0(spice_migrate, 1);
mig->ref_count = 1;
mig->src_channel = channel;
- mig->info = dst_info;
+ mig->info = *dst_info;
+ if (dst_info->host_data) {
+ mig->info.host_data = (void *) g_strdup((char*) dst_info->host_data);
+ }
+ if (dst_info->cert_subject_data) {
+ mig->info.cert_subject_data = (void *) g_strdup((char*) dst_info->cert_subject_data);
+ }
mig->from = coroutine_self();
mig->do_seamless = do_seamless;
mig->src_mig_version = src_mig_version;
--
2.28.0


@ -0,0 +1,47 @@
From 1f2a7a079a42ac9bccc12749c5eac4fcdbd48b2e Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Wed, 16 Sep 2020 17:12:14 +0100
Subject: [PATCH 30/31] channel-main: Make more clear that host_data and
cert_subject_data are C strings
After commit ab42be2b00d12d0bc98c6ddea08a7f969e83b2ac ("channel-main:
Copy SpiceMigrationDstInfo into spice_migrate") host_data and
cert_subject_data fields in spice_migrate structure are proper
terminated C strings so:
- check pointer instead of related field;
- you don't need to terminate again.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/channel-main.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 5f81975..2881d59 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -2412,18 +2412,14 @@ static gboolean migrate_connect(spice_migrate *mig)
sport = info->sport;
host = (char*)info->host_data;
- if (info->cert_subject_size == 0 ||
+ if (info->cert_subject_data == NULL ||
strlen((const char*)info->cert_subject_data) == 0) {
/* only verify hostname if no cert subject */
g_object_set(mig->session, "verify", SPICE_SESSION_VERIFY_HOSTNAME, NULL);
} else {
- gchar *subject = g_alloca(info->cert_subject_size + 1);
- strncpy(subject, (const char*)info->cert_subject_data, info->cert_subject_size);
- subject[info->cert_subject_size] = '\0';
-
// session data are already copied
g_object_set(mig->session,
- "cert-subject", subject,
+ "cert-subject", info->cert_subject_data,
"verify", SPICE_SESSION_VERIFY_SUBJECT,
NULL);
}
--
2.28.0


@ -0,0 +1,38 @@
From 9b98e01c8f5d0dc8faaf3af7b8fc95768e1ff0ad Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Wed, 16 Sep 2020 15:50:33 +0100
Subject: [PATCH 31/31] channel-main: Handle not terminated host_data and
cert_subject_data fields
host_data and cert_subject_data fields from SPICE messages could be
not NUL terminated so using g_strdup can lead to some read overflow.
This bug was discovered by Uri Lublin.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
src/channel-main.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 2881d59..5fefded 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -2460,10 +2460,11 @@ static void main_migrate_connect(SpiceChannel *channel,
mig->src_channel = channel;
mig->info = *dst_info;
if (dst_info->host_data) {
- mig->info.host_data = (void *) g_strdup((char*) dst_info->host_data);
+ mig->info.host_data = (void *) g_strndup((char*) dst_info->host_data, dst_info->host_size);
}
if (dst_info->cert_subject_data) {
- mig->info.cert_subject_data = (void *) g_strdup((char*) dst_info->cert_subject_data);
+ mig->info.cert_subject_data = (void *) g_strndup((char*) dst_info->cert_subject_data,
+ dst_info->cert_subject_size);
}
mig->from = coroutine_self();
mig->do_seamless = do_seamless;
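Review bot: `g_strndup` bounds each copy by `host_size` and `cert_subject_size`, so the fix is only as strong as those two fields, and nothing in the hunk shows them being checked against the number of bytes actually received. If the demarshalling code already guarantees that, a comment above the copies saying so (`/* sizes are validated against the message length by the demarshaller */`, once confirmed) would make the bound auditable. `mig->info = *dst_info;` also keeps the original size fields while the copies stop at the first NUL, so later code should rely on the strings and not on `host_size`/`cert_subject_size`. main_migrate_connect begins and ends outside the hunk.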
--
2.28.0


@ -2,7 +2,7 @@
Name: spice-gtk
Version: 0.38
Release: 4%{?dist}
Release: 6%{?dist}
Summary: A GTK+ widget for SPICE clients
Group: System Environment/Libraries
@ -29,6 +29,28 @@ Patch0014: 0014-Remove-some-warnings-from-Clang-static-analyzer.patch
Patch0015: 0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch
Patch0016: 0016-usb-backend-Fix-spice-usbredir-redirect-on-connect-o.patch
Patch0017: 0017-empty_cd_clicked_cb-g_free-basename.patch
Patch0018: 0018-spice_usbutil_parse_usbids-verify-at-least-one-vendo.patch
Patch0019: 0019-sink_event_probe-do-not-keep-duration-in-a-variable.patch
Patch0020: 0020-mark_false_event_id-is-guint-assign-0-to-it-not-FALS.patch
Patch0021: 0021-usb-backend-create_emulated_device-assert-address-32.patch
Patch0022: 0022-spice-utils-allocate-ctx-after-g_return_val_if_fail.patch
# migration fixes: some earlier patches to make the following patches apply
Patch0023: 0023-channel-main-Fix-indentation.patch
Patch0024: 0024-channel-main-Fix-indentation.patch
Patch0025: 0025-channel-main-Remove-unused-declaration.patch
# related to patch 0009
Patch0026: 0026-main-add-a-few-missing-vdagent-capability-descriptio.patch
# same file, safer code
Patch0027: 0027-main-add-stricter-pre-condition-on-display-id-value.patch
# migration fixes: the patches
Patch0028: 0028-channel-main-Use-heap-and-reference-counting-for-spi.patch
Patch0029: 0029-channel-main-Copy-SpiceMigrationDstInfo-into-spice_m.patch
Patch0030: 0030-channel-main-Make-more-clear-that-host_data-and-cert.patch
Patch0031: 0031-channel-main-Handle-not-terminated-host_data-and-cer.patch
BuildRequires: meson
BuildRequires: git-core
BuildRequires: gnupg2
@ -196,6 +218,14 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%{_bindir}/spicy-stats
%changelog
* Sun Dec 13 2020 Uri Lublin <uril@redhat.com> - 0.38-6
- Fix some migration issues
Related: rhbz#1867564
* Thu Dec 03 2020 Uri Lublin <uril@redhat.com> - 0.38-5
- Fix more static analyzer issues
Resolves: rhbz#1839104
* Mon Nov 9 18:01:40 IST 2020 Uri Lublin <uril@redhat.com> - 0.38-4
- Fix some static analyzer issues
Resolves: rhbz#1839104