From 07b7abeb59fbdc5dd3d67d62951a1e8708b07089 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Tue, 10 May 2016 15:13:14 +0100
Subject: [PATCH] fix crash if agent interface is removed

Removing an interface cause SpiceBaseInstance->st to be set to NULL.
This pointer was then deferenced in agent code.
As SpiceBaseInstance should not be used after this call make sure
we don't keep pointers to it.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
---
 server/reds.c         | 1 +
 server/spice-server.h | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/server/reds.c b/server/reds.c
index f0ebf0cd..9898fe54 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3265,6 +3265,7 @@ static void spice_server_char_device_remove_interface(RedsState *reds, SpiceBase
     if (strcmp(char_device->subtype, SUBTYPE_VDAGENT) == 0) {
         if (reds->vdagent) {
             reds_agent_remove(reds);
+            red_char_device_reset_dev_instance(RED_CHAR_DEVICE(reds->agent_dev), NULL);
         }
     }
 #ifdef USE_SMARTCARD
diff --git a/server/spice-server.h b/server/spice-server.h
index d309f180..87c5c59d 100644
--- a/server/spice-server.h
+++ b/server/spice-server.h
@@ -67,6 +67,11 @@ int spice_server_add_ssl_client(SpiceServer *s, int socket, int skip_auth);
 
 int spice_server_add_interface(SpiceServer *s,
                                SpiceBaseInstance *sin);
+/**
+ * Remove an interface from SpiceServer.
+ * SpiceServer won't be using the interface anymore, so it can
+ * be freed or reused.
+ */
 int spice_server_remove_interface(SpiceBaseInstance *sin);
 
 // Needed for backward API compatibility