spice/server
Alon Levy 1029e7fd4d server/red_worker: fix use after free for listeners
This fixes a core dump observed once by repeated migration. So far 100
migrations and no recurrence.

Core was generated by `/home/alon/spice/upstream/bin/qemu-system-x86_64 --enable-kvm -qmp unix:/tmp/mi'.
Program terminated with signal 11, Segmentation fault.
11197	                if (evt_listener && evt_listener->refs > 1) {
Missing separate debuginfos, use: debuginfo-install bluez-libs-4.98-3.fc17.x86_64 brlapi-0.5.6-4.fc17.x86_64 bzip2-libs-1.0.6-4.fc17.x86_64 cryptopp-5.6.1-6.fc17.x86_64 keyutils-libs-1.5.5-2.fc17.x86_64 libssh2-1.4.0-1.fc17.x86_64 nss-softokn-freebl-3.13.1-20.fc17.x86_64 xen-libs-4.1.2-11.fc17.x86_64 xz-libs-5.1.1-2alpha.fc17.x86_64
(gdb) bt
(gdb) l
11192	        for (i = 0; i < MAX_EVENT_SOURCES; i++) {
11193	            struct pollfd *pfd = worker.poll_fds + i;
11194	            if (pfd->revents) {
11195	                EventListener *evt_listener = worker.listeners[i];
11196
11197	                if (evt_listener && evt_listener->refs > 1) {
11198	                    evt_listener->action(evt_listener, pfd);
11199	                    if (--evt_listener->refs) {
11200	                        continue;
11201	                    }
(gdb) p evt_listener
$1 = (EventListener *) 0x7f15a9a5d1e0
(gdb) p *evt_listener
Cannot access memory at address 0x7f15a9a5d1e0
(gdb) p i
$2 = 2
(gdb) p worker.listeners
$3 = {0x7f15bc832520, 0x7f15a406e1a0, 0x7f15a9a5d1e0, 0x0 <repeats 17 times>}
2012-03-06 16:45:12 +02:00
tests build-sys: fix make distcheck 2012-03-01 16:24:10 +01:00
.gitignore gitignore: add generated_*, vim temps, pyc 2010-11-08 16:06:55 +02:00
agent-msg-filter.c add #include <config.h> to all source files 2011-05-03 14:44:10 +02:00
agent-msg-filter.h server: add discard all option to agent message filter 2011-04-04 11:30:30 +02:00
char_device.h Rename usbredir channel code to spicevmc 2011-08-25 14:04:27 +02:00
demarshallers.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
dispatcher.c Remove extra '\n' from red_printf() calls 2012-02-14 18:19:29 +02:00
dispatcher.h server/dispatcher: add dispatcher_register_async_done_callback 2011-11-08 16:22:21 +02:00
glz_encode_match_tmpl.c add #include <config.h> to all source files 2011-05-03 14:44:10 +02:00
glz_encode_tmpl.c Remove trailing whitespace from end of lines 2012-01-13 18:11:59 +02:00
glz_encoder_config.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
glz_encoder_dictionary_protected.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
glz_encoder_dictionary.c Remove trailing blank lines 2012-01-13 18:11:59 +02:00
glz_encoder_dictionary.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
glz_encoder.c Remove trailing blank lines 2012-01-13 18:11:59 +02:00
glz_encoder.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
inputs_channel.c server/inputs_channel: don't set O_ASYNC option on socket 2012-01-23 12:28:58 +02:00
inputs_channel.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
jpeg_encoder.c Remove trailing whitespace from end of lines 2012-01-13 18:11:59 +02:00
jpeg_encoder.h Remove trailing whitespace from end of lines 2012-01-13 18:11:59 +02:00
main_channel.c Send name & uuid to capable clients 2012-03-05 18:19:07 +01:00
main_channel.h Send name & uuid to capable clients 2012-03-05 18:19:07 +01:00
main_dispatcher.c server, separate SpiceChannelEventInfo from RedStream 2012-02-15 15:04:04 +02:00
main_dispatcher.h [0.8 branch] server: add main_dispatcher 2011-10-31 17:35:54 +02:00
Makefile.am Add configure-time check for -Wl, --version-script option 2012-02-21 10:20:44 +02:00
mjpeg_encoder.c Remove useless if() before free() 2012-01-13 18:11:58 +02:00
mjpeg_encoder.h mjpeg_encoder: remove unused functions 2011-07-22 16:53:56 +02:00
red_bitmap_utils.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
red_channel.c Use standard IOV_MAX definition where applicable 2012-02-21 10:20:47 +02:00
red_channel.h Use standard IOV_MAX definition where applicable 2012-02-21 10:20:47 +02:00
red_client_cache.h server/red_worker: multiple client support - base split 2011-08-23 18:01:04 +03:00
red_client_shared_cache.h Remove trailing whitespace from end of lines 2012-01-13 18:11:59 +02:00
red_common.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
red_dispatcher.c server/red_worker: pass remote caps to display/cursor red_channel_client's 2012-01-12 16:17:01 +02:00
red_dispatcher.h server/red_worker: pass remote caps to display/cursor red_channel_client's 2012-01-12 16:17:01 +02:00
red_memslots.c add #include <config.h> to all source files 2011-05-03 14:44:10 +02:00
red_memslots.h Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
red_parse_qxl.c Remove trailing blank lines 2012-01-13 18:11:59 +02:00
red_parse_qxl.h server/red_parse_qxl.h: License should be LGPLv2+ rather then GPLv2+ 2011-12-15 13:12:31 +01:00
red_tunnel_worker.c server: Don't complain if setsockopt NODELAY fails on unix sockets 2012-01-18 11:14:40 +01:00
red_tunnel_worker.h server: Unset executable bit of red_tunnel_worker.h 2011-05-05 20:04:49 +03:00
red_worker.c server/red_worker: fix use after free for listeners 2012-03-06 16:45:12 +02:00
red_worker.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
reds_gl_canvas.c common,server: use ASSERT from spice_common.h 2011-05-03 14:44:11 +02:00
reds_gl_canvas.h autotools: correctly build canvas-related code 2011-05-03 14:44:10 +02:00
reds_sw_canvas.c common,server: use ASSERT from spice_common.h 2011-05-03 14:44:11 +02:00
reds_sw_canvas.h autotools: correctly build canvas-related code 2011-05-03 14:44:10 +02:00
reds.c Send name & uuid to capable clients 2012-03-05 18:19:07 +01:00
reds.h Send name & uuid to capable clients 2012-03-05 18:19:07 +01:00
smartcard.c Rewrite code to avoid triggering warning about casting param to free() 2012-01-13 18:11:58 +02:00
smartcard.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
snd_worker.c Use standard IOV_MAX definition where applicable 2012-02-21 10:20:47 +02:00
snd_worker.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
spice-experimental.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
spice-server.syms Send name & uuid to capable clients 2012-03-05 18:19:07 +01:00
spice.h Send name & uuid to capable clients 2012-03-05 18:19:07 +01:00
spicevmc.c server/spicevmc: Don't destroy the rcc twice 2012-02-20 16:32:31 +01:00
stat.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
zlib_encoder.c add #include <config.h> to all source files 2011-05-03 14:44:10 +02:00
zlib_encoder.h applying zlib compression over glz on WAN connection 2010-06-21 15:05:37 +02:00