From 291f3e4419e6fb4077ae43a5e09eb1c37b9dd729 Mon Sep 17 00:00:00 2001
From: Victor Toso <me@victortoso.com>
Date: Tue, 29 Nov 2016 22:34:04 +0100
Subject: [PATCH spice-gtk] channel-usbredir: Fix crash on channel-up

SpiceSession does not initialize its SpiceUsbDeviceManager object on
startup that could lead to a race condition where channel-usbredir is
requested to flush data while it is uninitialized.

In a few places, spice_usb_device_manager_get() is called as in
usb-device-widget.c and spice-gtk-session.c but not used in
spicy-stats, making the tool to crash on startup if it encounters an
usbredir channel.

 #0 in usbredirhost_write_guest_data (host=0x0) at usbredir/usbredirhost/usbredirhost.c:876
 #1 in spice_usbredir_channel_up (c=0x643830) at channel-usbredir.c:821
 #2 in spice_channel_up (channel=0x643830) at spice-channel.c:1238
 #3 in spice_channel_recv_auth (channel=0x643830) at spice-channel.c:1225
 #4 in spice_channel_coroutine (data=0x643830) at spice-channel.c:2580
 #5 in coroutine_trampoline (cc=0x642ec0) at coroutine_ucontext.c:63
 #6 in continuation_trampoline (i0=6565568, i1=0) at continuation.c:55

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1399838

Signed-off-by: Victor Toso <victortoso@redhat.com>
Reported-by: Michael Cullen <michael@cullen-online.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
---
 src/spice-session.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/spice-session.c b/src/spice-session.c
index f900bd1..cc3dbdd 100644
--- a/src/spice-session.c
+++ b/src/spice-session.c
@@ -281,6 +281,7 @@ static void spice_session_init(SpiceSession *session)
 {
     SpiceSessionPrivate *s;
     gchar *channels;
+    GError *err = NULL;
 
     SPICE_DEBUG("New session (compiled from package " PACKAGE_STRING ")");
     s = session->priv = SPICE_SESSION_GET_PRIVATE(session);
@@ -293,6 +294,12 @@ static void spice_session_init(SpiceSession *session)
     s->images = cache_image_new((GDestroyNotify)pixman_image_unref);
     s->glz_window = glz_decoder_window_new();
     update_proxy(session, NULL);
+
+    s->usb_manager = spice_usb_device_manager_get(session, &err);
+    if (err != NULL) {
+        SPICE_DEBUG("Could not initialize SpiceUsbDeviceManager - %s", err->message);
+        g_clear_error(&err);
+    }
 }
 
 static void
-- 
2.13.1.395.gf7b71de06