40 lines
1.4 KiB
Diff
40 lines
1.4 KiB
Diff
From 055a310f655ad436599c4fef965f2b3e7bc0f17f Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
|
|
Date: Tue, 25 Feb 2014 11:42:47 +0100
|
|
Subject: [PATCH spice-gtk] display: fix crash when releasing primary surface
|
|
|
|
Since 1fcaaa15f8aca362f9e6afc87fb43cfbccf6ff62, display_surface is
|
|
allocated using gslice. However MSG_DISPLAY_MODE handler didn't allocate
|
|
using GSlice. This can eventually lead to a crash when freeing, such as:
|
|
|
|
Thread no. 1 (6 frames)
|
|
#2 g_slice_free1 at gslice.c:1097
|
|
#3 iter_remove_or_steal at ghash.c:787
|
|
#4 clear_surfaces at /lib64/libspice-client-glib-2.0.so.8
|
|
#5 spice_display_channel_finalize at
|
|
/lib64/libspice-client-glib-2.0.so.8
|
|
#7 spice_channel_delayed_unref at /lib64/libspice-client-glib-2.0.so.8
|
|
#12 gtk_main at gtkmain.c:1158
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=1069546
|
|
---
|
|
gtk/channel-display.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/gtk/channel-display.c b/gtk/channel-display.c
|
|
index e464abf..96fd764 100644
|
|
--- a/gtk/channel-display.c
|
|
+++ b/gtk/channel-display.c
|
|
@@ -886,7 +886,7 @@ static void display_handle_mode(SpiceChannel *channel, SpiceMsgIn *in)
|
|
|
|
g_warn_if_fail(c->mark == FALSE);
|
|
|
|
- surface = spice_new0(display_surface, 1);
|
|
+ surface = g_slice_new0(display_surface);
|
|
surface->format = mode->bits == 32 ?
|
|
SPICE_SURFACE_FMT_32_xRGB : SPICE_SURFACE_FMT_16_555;
|
|
surface->width = mode->x_res;
|
|
--
|
|
1.8.5.3
|
|
|