pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-27 07:29:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,948 Commits 29 Branches 62 Tags 9.6 MiB
7188cefdd2
Commit Graph

2127 Commits

Author SHA1 Message Date
Jonathon Jongsma
7188cefdd2 Rename RCC_TO_DCC() to DISPLAY_CHANNEL_CLIENT() 
Prepare for port to GObject

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:40:15 +01:00
Jonathon Jongsma
82d4edc75a Add DisplayChannelClientPrivate and CursorChannelPrivate structs 
These need to be introduced at the same time since cache-item.tmpl.c
assumes that both of these classes will have a cache in the same place:
either within the channel client struct itself or (now) within a priv
struct owned by the channel client.

This encapsulates private data and prepares for porting to GObject.

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:40:15 +01:00
Jonathon Jongsma
51ccb44af0 Add RedChannelClientPrivate struct 
Encapsulate private data and prepare for port to GObject

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:40:15 +01:00
Jonathon Jongsma
aa2430e5ad Add MainChannelClientPrivate struct 
Encapsulate private data and prepare for port to GObject

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:40:15 +01:00
Jonathon Jongsma
e8a8607f5f Add InputsChannelClientPrivate struct 
Encapsulate private data and prepare for port to GObject.

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:40:15 +01:00
Jonathon Jongsma
9b1e018da6 Add SmartCardChannelClientPrivate struct 
Prepare to port to GObject by encapsulating all private data

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:40:15 +01:00
Jonathon Jongsma
7dd8e8be76 Move CursorChannelClient to separate file 
Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:38:04 +01:00
Jonathon Jongsma
bed132d6e2 Move RedChannelClient to separate file 
Reduce direct access to RedChannelClient, and get ready to convert to
GObject.

Acked-by: Frediano Ziglio <fziglio@redhat.com
 2016-09-08 09:37:59 +01:00
Pavel Grunt
1796160095 tests: Check setting of agent properties 
Acked-by: Frediano Ziglio <fziglio@redhat.com>
 2016-09-07 14:18:50 +02:00
Pavel Grunt
bf68b73ba6 reds: Do not crash when setting agent property 
Agent properties like file transfer or copy & paste can be disabled by
calling spice_server_set_agent_{copypaste, file_xfer} before the spice
server is initialized. In that case the call crashes the server because
the agent device is created after the initialization.

To avoid the crash this commit introduce a helper function for setting
the agent properties after the server is initialized.

Acked-by: Frediano Ziglio <fziglio@redhat.com>
 2016-09-07 14:18:05 +02:00
Jonathon Jongsma
d529bfd4f0 Use red_channel_client_get_stream() 
Don't touch the rcc struct directly. Improve encapsulation to help
prepare for separating RedChannelClient to a separate file.
 2016-08-30 16:53:29 -05:00
Jonathon Jongsma
66c5700602 Don't poke RedChannelClient::send_data from RedChannel 
More preparation for separating RedChannelClient into a separate file.
Rename function slightly for improved readability:
 red_channel_client_blocked() -> red_channel_client_is_blocked()
 2016-08-30 16:53:29 -05:00
Jonathon Jongsma
7b8087a71d Add red_channel_client_(set|is)_destroying() 
Encapsulate the structure a bit more and avoid poking into it from other
class implementations. Getting ready to split RedChannelClient out to a
separate file.
 2016-08-30 16:53:29 -05:00
Jonathon Jongsma
2fa1c1e3fd Use red_channel_client_get_client() everywhere 
Instead of having all other classes poke into the RedChannelClient
struct to get the RedClient associated with the channel client, call the
accessor function. This commit allows us to encapsulate RedChannelClient
and move it to its own file soon.
 2016-08-30 16:53:29 -05:00
Jonathon Jongsma
d5d59d0858 Add red_channel_client_get_channel() 
Don't poke into the structure to get the channel

This prepares for encapsulating RedChannelClient a bit more and
separating it into its own source file.
 2016-08-30 16:53:29 -05:00
Francois Gouget
d146793dd9 server: Use SPICE_GNUC_DEPRECATED to avoid a dependency on glib.h 
spice-server.h cannot include glib.h because it is a public header and
is used by projects that do not use GLib.

Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
 2016-08-12 09:47:40 +01:00
Frediano Ziglio
319a31ad81 OpenSSL from 1.1.0 is thread safe by default 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-12 09:30:47 +01:00
Frediano Ziglio
7951a31756 Avoids to initialise OpenSSL threading twice 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-11 14:47:25 +01:00
Frediano Ziglio
a318f3e981 gstreamer: Use a dummy format to make sure format is always defined. 
This avoid a check for NULL.
Also will be used to catch invalid values when table will be extended.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-11 14:47:25 +01:00
Frediano Ziglio
e58d22a37b Make process_commands_generation variable type coherent 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-11 14:12:21 +01:00
Frediano Ziglio
0a13066396 gstreamer: Peephole optimisation for SpiceFormatForGStreamer 
Reduce structure length using static allocated string inside the
structure.
This will also avoid using .data.rel.ro section and relocations
reducing even more library size.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-11 14:12:21 +01:00
Frediano Ziglio
62cc9643c3 gstreamer: Fix infinite loop in get_period_bit_rate 
This was discovered by chance by me and Uri trying some remote connection
with slow network (8Mbit) and high latency

  $ ping 10.10.48.87 -c 3
  3 packets transmitted, 3 received, 0% packet loss, time 2002ms
  rtt min/avg/max/mdev = 281.069/316.758/374.413/41.153 ms

The encoder->history status was (edited for readability):

(gdb) p ((SpiceGstEncoder*)0x61c000264880)->history_first
$6 = 29
(gdb) p ((SpiceGstEncoder*)0x61c000264880)->history_last
$14 = 28
(gdb) p ((SpiceGstEncoder*)0x61c000264880)->history
[0] {mm_time = 11298131, duration = 7391006, size = 5616},
[1] {mm_time = 11298148, duration = 7373663, size = 5559},
[2] {mm_time = 11298166, duration = 7052209, size = 5511},
[3] {mm_time = 11298183, duration = 7006828, size = 5722},
[4] {mm_time = 11298199, duration = 7433311, size = 5756},
[5] {mm_time = 11298216, duration = 7134734, size = 5545},
[6] {mm_time = 11298232, duration = 7436589, size = 5521},
[7] {mm_time = 11298249, duration = 7152181, size = 5540},
[8] {mm_time = 11298266, duration = 7181308, size = 7796},
[9] {mm_time = 11298283, duration = 5053084, size = 50824},
[10] {mm_time = 11298298, duration = 7472305, size = 7427},
[11] {mm_time = 11298315, duration = 7385017, size = 6682},
[12] {mm_time = 11298333, duration = 7287125, size = 6377},
[13] {mm_time = 11298349, duration = 7191461, size = 6159},
[14] {mm_time = 11298367, duration = 7104546, size = 6035},
[15] {mm_time = 11298382, duration = 7266942, size = 5896},
[16] {mm_time = 11298400, duration = 7108001, size = 5812},
[17] {mm_time = 11298418, duration = 7020583, size = 5807},
[18] {mm_time = 11298433, duration = 7066056, size = 5758},
[19] {mm_time = 11298450, duration = 7052900, size = 5676},
[20] {mm_time = 11298467, duration = 7248233, size = 5765},
[21] {mm_time = 11298483, duration = 7077348, size = 5712},
[22] {mm_time = 11298502, duration = 7495368, size = 5835},
[23] {mm_time = 11298517, duration = 7068626, size = 5805},
[24] {mm_time = 11298534, duration = 7060375, size = 5801},
[25] {mm_time = 11298551, duration = 7020383, size = 5868},
[26] {mm_time = 11298568, duration = 7248400, size = 5830},
[27] {mm_time = 11298584, duration = 7001304, size = 6621},
[28] {mm_time = 11298600, duration = 7311600, size = 6113},
[29] {mm_time = 11297612, duration = 6999174, size = 5666},  <--- to
[30] {mm_time = 11297628, duration = 7506688, size = 5502},
[31] {mm_time = 11297646, duration = 7209494, size = 5687},
[32] {mm_time = 11297663, duration = 7396429, size = 5724},
[33] {mm_time = 11297679, duration = 7172624, size = 5839},
[34] {mm_time = 11297696, duration = 7300811, size = 5645},
[35] {mm_time = 11297713, duration = 7108985, size = 5553},
[36] {mm_time = 11297729, duration = 7171701, size = 5774},
[37] {mm_time = 11297745, duration = 7174018, size = 5637},
[38] {mm_time = 11297762, duration = 7313549, size = 5655},
[39] {mm_time = 11297780, duration = 5183985, size = 51014},
[40] {mm_time = 11297796, duration = 7038329, size = 7374},
[41] {mm_time = 11297813, duration = 7211506, size = 6585},
[42] {mm_time = 11297830, duration = 7112690, size = 5729},
[43] {mm_time = 11297846, duration = 7103074, size = 5761},
[44] {mm_time = 11297864, duration = 7599826, size = 5661},
[45] {mm_time = 11297879, duration = 7355392, size = 5351},
[46] {mm_time = 11297897, duration = 7454367, size = 5488},
[47] {mm_time = 11297913, duration = 7127145, size = 5573},
[48] {mm_time = 11297932, duration = 7550098, size = 5447},
[49] {mm_time = 11297948, duration = 7506884, size = 5809},
[50] {mm_time = 11297966, duration = 7405712, size = 5783},
[51] {mm_time = 11297982, duration = 7182025, size = 5599},
[52] {mm_time = 11298001, duration = 7323887, size = 5817},
[53] {mm_time = 11298014, duration = 7342091, size = 5575},
[54] {mm_time = 11298031, duration = 7596319, size = 5739},
[55] {mm_time = 11298052, duration = 7428169, size = 5669},
[56] {mm_time = 11298065, duration = 7457282, size = 5732},
[57] {mm_time = 11298081, duration = 7174029, size = 5541},
[58] {mm_time = 11298097, duration = 7340512, size = 5680},
[59] {mm_time = 11298115, duration = 7427439, size = 5701}}
(gdb) p from
$16 = 11297544
(gdb) p to
$17 = 11297612

You can see that encoder->history[encoder->history_first].mm_time == to
cause the check index == encoder->history_first to not be executed.

This code change was suggested by Uri.

Reported-by: Uri Lublin <uril@redhat.com>
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Tested-by: Uri Lublin <uril@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-11 14:12:21 +01:00
Frediano Ziglio
2f17d4745e gstreamer: Use static compile check 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-11 11:24:49 +01:00
Jonathon Jongsma
763dc98c09 Miscellaneous header changes 
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-08-09 10:22:46 -05:00
Frediano Ziglio
76cecd66fb remove CommonGraphicsChannelClient structure 
Was just containing a RedChannelClient field

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-08-09 10:22:46 -05:00
Frediano Ziglio
cbc86e7a1f move is_low_bandwidth to DisplayChannelClient 
The field is only used by DisplayChannelClient, not by CursorChannelClient

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-08-09 10:22:46 -05:00
Frediano Ziglio
5d61659bba remove common_graphics_channel_new_client function 
The function was just calling another function with same parameters

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-08-09 10:22:46 -05:00
Frediano Ziglio
eef8d0d8a3 move during_target_migrate out of common_graphics_channel_new_client 
This reduces the number of arguments that need to be passed to the
function, and also avoids changing a different object within a function
that is supposed to just create a new object

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-08-09 10:22:46 -05:00
Frediano Ziglio
c699e4db3d move channel window setting to config_socket 
Make common_graphics_channel_new_client smaller

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-08-09 10:22:46 -05:00
Jonathon Jongsma
a84a433e08 Limit direct access to DisplayChannelClient 
Add a few more methods and accessors so that other files don't need to
manipulate the struct members directly. Move the struct definition to a
private header which only the dcc-* files will include.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
 2016-08-09 10:22:46 -05:00
Frediano Ziglio
0d2c80c58b gstreamer: Allows to add output format to options 
This allow option string to contain separator so you could set as
"field=value ! format".
This is useful as some encoders use the output format to specify
compression types (for instance with some H264 encoders you can
specify the profile to use).

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-03 12:57:41 +01:00
Frediano Ziglio
22d41e71ae gstreamer: Peephole optimisation 
SpiceGstFrameInformation change from 24 to 16 bytes reducing
SpiceGstEncoder 480 bytes.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-03 11:09:42 +01:00
Frediano Ziglio
f27ee4c0db Reduce indentation inverting condition 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
 2016-08-02 10:24:12 +01:00
Frediano Ziglio
777a4c4987 Fix typo for macro names 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
 2016-08-02 10:23:40 +01:00
Frediano Ziglio
f242634145 Handle scancode extensions E1 and E2 
Do not handle them as normal keys.
State is not saved for these keys.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
 2016-08-01 15:37:18 +01:00
Frediano Ziglio
e189f7cab8 Prevent possible buffer overflow in SpiceKbdState 
key and key_ext in SpiceKbdState are indexed using

   state[scan & 0x7f]

where scan is a 8 bit value got from client. In theory client can send
any value causing scan & 0x7f to be 0x7f. However these arrays contains
only 0x7f values so 0x7f cause a off one overflow.
This potentially cause key_ext to overflow in reds pointer following.
Happily this is not exploitable in either 32 or 64 bit environment.
On 64 bit key_ext is followed by a 4 byte (sizeof(bool) == 4) padding
which is written by the possible overflow.
On 32 bit reds will be overwritten with either 0 or 1 which will cause
a SIGSEGV leading to a DoS. Considering that you have to have access
to the machine with a client you are just shutting down only guests you
can access to.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
 2016-08-01 12:56:25 +01:00
Marc-André Lureau
e2ae0b3c3f Call migrate_end_complete() after falling back to switch-host 
Eventually, during a seamless migration, qemu may finish to migrate
before the spice client even finished to connect all channels to
destination and informed the server. In this case,
main_channel_client_migrate_src_complete() will fall back to
switch-host method, and reds_mig_fill_wait_disconnect() is called to
complete the migration (disconnecting all channels).

reds_mig_cleanup() is called when all channels are disconnected, but
reds->mig_wait_connect is still TRUE, and it will call
migrate_connect_complete() instead of the expected
migrate_end_complete(). Setting reds->mig_wait_connect to FALSE when
reds_mig_fill_wait_disconnect() solves the issue.

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=1352836

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
 2016-07-28 11:57:50 +02:00
Francois Gouget
7be1265e96 streaming: Don't start streaming if there is no video encoder 
Without a video encoder no frame will be streamed anyway.
This fixes the case where the client does not support any of the
server's codecs, such as if it was compiled with --enable-gstvideo=no
--disable-builtin-mjpeg.

Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
 2016-07-28 11:53:12 +02:00
Francois Gouget
29caba2d53 server: Make sure g_object_new receive the correct data 
g_object_new is a variadic function which takes property values.
As the compiler cannot check if these property values are correct,
make sure they are using casts.
This actually fixes a crash in reds.c for 32 bit architectures.

Based on a patch by Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
 2016-07-27 09:43:03 +02:00
Uri Lublin
4d2a129054 spicevmc_device_connect: get parser for appropriate channel_type 
spicevmc_device_connect() is called for non-usb types too.
 2016-07-14 18:44:54 +03:00
Frediano Ziglio
6aafaef806 Fix gl draw command called without scanout 
This happens during VM shutdown.
Qemu should never send a draw command without scanout.
This should be fixed in Qemu  or in Virgl driver.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
 2016-07-13 12:53:43 +01:00
Frediano Ziglio
787e886d32 Use fd parameter instead of reading file descriptor from reds 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
 2016-07-13 11:23:04 +01:00
Frediano Ziglio
67eb0edb62 Remove useless return statement 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
 2016-07-13 11:22:55 +01:00
Marc-André Lureau
6b32af3e17 smartcard: allocate msg with the expected size 
This is related to CVE-2016-0749

==529== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040009c098 at pc 0x7fffee0eda6d bp 0x7fffffffcd00 sp 0x7fffffffccf0
WRITE of size 4 at 0x60040009c098 thread T0
    #0 0x7fffee0eda6c in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334
    #1 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642
    #2 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757
    #3 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304
    #4 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322
    #5 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561
    #6 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
    #7 0x555555c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504
    #8 0x5555556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818
    #9 0x5555556f160c in main /home/elmarco/src/qemu/vl.c:4394
    #10 0x7fffed80eb14 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/libc-start.c:274
    #11 0x5555556f9c20 in _start (/home/elmarco/src/qemu/x86_64-softmmu/qemu-system-x86_64+0x1a5c20)
0x60040009c098 is located 0 bytes to the right of 8-byte region [0x60040009c090,0x60040009c098)
allocated by thread T0 here:
    #0 0x7ffff4e612be in __interceptor_realloc /usr/src/debug/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:92
    #1 0x7fffee121308 in spice_realloc /home/elmarco/pkg/spice/spice-0.12.4/spice-common/common/mem.c:123
    #2 0x7fffee004a48 in __spice_char_device_write_buffer_get /home/elmarco/pkg/spice/spice-0.12.4/server/char_device.c:516
    #3 0x7fffee004e87 in spice_char_device_write_buffer_get /home/elmarco/pkg/spice/spice-0.12.4/server/char_device.c:557
    #4 0x7fffee0ed8b9 in smartcard_char_device_notify_reader_add /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:325
    #5 0x7fffee0ef783 in smartcard_add_reader /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:642
    #6 0x7fffee0f0568 in smartcard_channel_handle_message /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:757
    #7 0x7fffee032f3f in red_peer_handle_incoming /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:304
    #8 0x7fffee033216 in red_channel_client_receive /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:322
    #9 0x7fffee03bf1f in red_channel_client_event /home/elmarco/pkg/spice/spice-0.12.4/server/red_channel.c:1561
    #10 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/elmarco/pkg/spice/spice-0.12.4/server/smartcard.c:334 smartcard_char_device_notify_reader_add

Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
 2016-07-08 10:47:38 +02:00
Marc-André Lureau
359ac42a7a smartcard: add a ref to item before adding to pipe 
There is an unref when the message is sent.
This is related to CVE-2016-0749

==17204== ERROR: AddressSanitizer: heap-use-after-free on address 0x6008000144a8 at pc 0x7fffee0ce245 bp 0x7fffffffc630 sp 0x7fffffffc620
READ of size 4 at 0x6008000144a8 thread T0
    #0 0x7fffee0ce244 in smartcard_unref_vsc_msg_item /home/elmarco/src/spice/spice/server/smartcard.c:608
    #1 0x7fffee0cb451 in smartcard_unref_msg_to_client /home/elmarco/src/spice/spice/server/smartcard.c:178
    #2 0x7fffedfcdf14 in spice_char_device_read_from_device /home/elmarco/src/spice/spice/server/char-device.c:330
    #3 0x7fffedfd1763 in spice_char_device_wakeup /home/elmarco/src/spice/spice/server/char-device.c:901
    #4 0x7fffee05da98 in spice_server_char_device_wakeup /home/elmarco/src/spice/spice/server/reds.c:2990
    #5 0x55555593fa34 in spice_chr_write /home/elmarco/src/qemu/spice-qemu-char.c:189
    #6 0x5555559375f1 in qemu_chr_fe_write /home/elmarco/src/qemu/qemu-char.c:220
    #7 0x555555b3b682 in ccid_card_vscard_send_msg.isra.2 /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:76
    #8 0x555555b3c466 in ccid_card_vscard_send_error /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:91
    #9 0x555555b3c466 in ccid_card_vscard_handle_message /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:242
    #10 0x555555b3c466 in ccid_card_vscard_read /home/elmarco/src/qemu/hw/usb/ccid-card-passthru.c:289
    #11 0x55555593f169 in vmc_write /home/elmarco/src/qemu/spice-qemu-char.c:41
    #12 0x7fffedfcee6d in spice_char_device_write_to_device /home/elmarco/src/spice/spice/server/char-device.c:477
    #13 0x7fffedfcfd31 in spice_char_device_write_buffer_add /home/elmarco/src/spice/spice/server/char-device.c:629
    #14 0x7fffee0ce9df in smartcard_channel_write_to_reader /home/elmarco/src/spice/spice/server/smartcard.c:675
    #15 0x7fffee0cc7db in smartcard_char_device_notify_reader_add /home/elmarco/src/spice/spice/server/smartcard.c:341
    #16 0x7fffee0ce4f3 in smartcard_add_reader /home/elmarco/src/spice/spice/server/smartcard.c:648
    #17 0x7fffee0cf2e2 in smartcard_channel_handle_message /home/elmarco/src/spice/spice/server/smartcard.c:763
    #18 0x7fffedffe21f in red_peer_handle_incoming /home/elmarco/src/spice/spice/server/red-channel.c:307
    #19 0x7fffedffe4f6 in red_channel_client_receive /home/elmarco/src/spice/spice/server/red-channel.c:325
    #20 0x7fffee00726c in red_channel_client_event /home/elmarco/src/spice/spice/server/red-channel.c:1566
    #21 0x555555c3c53d in qemu_iohandler_poll /home/elmarco/src/qemu/iohandler.c:143
    #22 0x555555c3b800 in main_loop_wait /home/elmarco/src/qemu/main-loop.c:504
    #23 0x5555556f160c in main_loop /home/elmarco/src/qemu/vl.c:1818
    #24 0x5555556f160c in main /home/elmarco/src/qemu/vl.c:4394
    #25 0x7fffed7d0b14 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/libc-start.c:274
    #26 0x5555556f9c20 in _start (/home/elmarco/src/qemu/x86_64-softmmu/qemu-system-x86_64+0x1a5c20)
0x6008000144a8 is located 24 bytes inside of 40-byte region [0x600800014490,0x6008000144b8)
freed by thread T0 here:
    #0 0x7ffff4e61009 in __interceptor_free /usr/src/debug/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/x86_64-redhat-linux/libsanitizer/asan/../../../../libsanitizer/asan/asan_malloc_linux.cc:61
    #1 0x7fffee0ce2a1 in smartcard_unref_vsc_msg_item /home/elmarco/src/spice/spice/server/smartcard.c:610
    #2 0x7fffee0cdd58 in smartcard_channel_release_pipe_item /home/elmarco/src/spice/spice/server/smartcard.c:548
    #3 0x7fffee000668 in red_channel_client_release_item /home/elmarco/src/spice/spice/server/red-channel.c:602
    #4 0x7fffee0006ef in red_channel_client_release_sent_item /home/elmarco/src/spice/spice/server/red-channel.c:609
    #5 0x7fffee0007b5 in red_channel_peer_on_out_msg_done /home/elmarco/src/spice/spice/server/red-channel.c:620
    #6 0x7fffedffed7e in red_peer_handle_outgoing /home/elmarco/src/spice/spice/server/red-channel.c:385
    #7 0x7fffee0057bb in red_channel_client_send /home/elmarco/src/spice/spice/server/red-channel.c:1294
    #8 0x7fffee0076e6 in red_channel_client_begin_send_message /home/elmarco/src/spice/spice/server/red-channel.c:1605
    #9 0x7fffee0cdccd in smartcard_channel_send_item /home/elmarco/src/spice/spice/server/smartcard.c:541
    #10 0x7fffee000570 in red_channel_client_send_item /home/elmarco/src/spice/spice/server/red-channel.c:588
    #11 0x7fffee005bfb in red_channel_client_push /home/elmarco/src/spice/spice/server/red-channel.c:1347
    #12 0x7fffee007ef7 in red_channel_client_pipe_add_push /home/elmarco/src/spice/spice/server/red-channel.c:1673
    #13 0x7fffee0cde4d in smartcard_channel_client_pipe_add_push /home/elmarco/src/spice/spice/server/smartcard.c:571
    #14 0x7fffee0cb567 in smartcard_send_msg_to_client /home/elmarco/src/spice/spice/server/smartcard.c:187
    #15 0x7fffedfcdba2 in spice_char_device_send_msg_to_clients /home/elmarco/src/spice/spice/server/char-device.c:282
    #16 0x7fffedfcdea4 in spice_char_device_read_from_device /home/elmarco/src/spice/spice/server/char-device.c:329
    #17 0x7fffedfd1763 in spice_char_device_wakeup /home/elmarco/src/spice/spice/server/char-device.c:901
    #18 0x7fffee05da98 in spice_server_char_device_wakeup /home/elmarco/src/spice/spice/server/reds.c:2990
    #19 0x55555593fa34 in spice_chr_write /home/elmarco/src/qemu/spice-qemu-char.c:189

Signed-off-by: Marc-Andre Lureau <marcandre.lureau@redhat.com>
 2016-07-08 10:47:30 +02:00
Pavel Grunt
a68c821164 Fix -Werror=format with DEBUG_ENCODE 
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-07-01 14:00:37 +02:00
Pavel Grunt
3a06113ce4 Do not force computing streaming statistic 
Let user to define STREAM_STATS to enable them

Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-07-01 14:00:32 +02:00
Pavel Grunt
fb1b30a0e5 Fix compiling with defined DEBUG_DISPATCHER 
setup_dummy_signal_handler was used before declared

Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-07-01 13:59:36 +02:00
Frediano Ziglio
3b2fd86e8a Constify spice_server_char_device_recognized_subtypes 
Users should not change the list of supported subtypes.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-06-29 08:09:03 +01:00
Frediano Ziglio
c70b2067a9 Constify event_loop_core 
Was used as write variable only for testing.
Avoid usage of not constant globals.
Making globals constants avoid future race condition
usages.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
 2016-06-29 08:08:54 +01:00