pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2026-01-15 05:10:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
28f3007145
spice/server
History
Marc-André Lureau 28f3007145 Revert "server/red_channel: red_channel_event: push on blocked" 
This reverts commit 5062433d8a.

red_channel_receive() can call red_channel_destroy() which frees
channel.

The condition bellow is then checked, which can access a freed
channel:

if (event & SPICE_WATCH_EVENT_WRITE || channel->send_data.blocked)

Reverting this commit solves the issue without any apparent
bugs/drawbacks, which kind of clears out the weird TODO.

handle_dev_input: cursor connect
==11826== Invalid read of size 4
==11826==    at 0x4C6F83C: red_channel_event (red_channel.c:535)
==11826==    by 0x41CB8C: main_loop_wait (vl.c:1365)
==11826==    by 0x437CDE: kvm_main_loop (qemu-kvm.c:1589)
==11826==    by 0x41FE9A: main (vl.c:1411)
==11826==  Address 0x31fb00f0 is 96 bytes inside a block of size 28,648 free'd
==11826==    at 0x4A05372: free (vg_replace_malloc.c:366)
==11826==    by 0x4C6F536: red_channel_destroy (red_channel.c:453)
==11826==    by 0x4C52B5D: inputs_channel_on_incoming_error (inputs_channel.c:449)
==11826==    by 0x4C6ED0E: red_channel_peer_on_incoming_error (red_channel.c:215)
==11826==    by 0x4C6E731: red_peer_handle_incoming (red_channel.c:87)
==11826==    by 0x4C6EA55: red_channel_receive (red_channel.c:154)
==11826==    by 0x4C6F82D: red_channel_event (red_channel.c:530)
==11826==    by 0x41CB8C: main_loop_wait (vl.c:1365)
==11826==    by 0x437CDE: kvm_main_loop (qemu-kvm.c:1589)
==11826==    by 0x41FE9A: main (vl.c:1411)
==11826==

https://bugs.freedesktop.org/show_bug.cgi?id=34971
2011-03-03 14:59:31 +01:00
..
tests server/tests/basic_event_loop: fix bzero warning 2011-02-11 19:13:03 +02:00
.gitignore gitignore: add generated_*, vim temps, pyc 2010-11-08 16:06:55 +02:00
char_device.h server: add char_device.h header, use in reds.c 2010-12-06 18:09:14 +02:00
demarshallers.h Add destructor for demarshalled messages 2010-06-22 10:53:24 +02:00
glz_encode_match_tmpl.c Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
glz_encode_tmpl.c Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
glz_encoder_config.h Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
glz_encoder_dictionary_protected.h Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
glz_encoder_dictionary.c Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
glz_encoder_dictionary.h Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
glz_encoder.c Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
glz_encoder.h Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
inputs_channel.c server/red_channel (+): remove red_channel_add_buf 2011-03-02 17:27:52 +02:00
inputs_channel.h server/inputs_channel: remove unused declaration in inputs_channel.h 2010-12-07 21:32:34 +02:00
jpeg_encoder.c client/server: warning fixes (gcc 4.6.0) 2011-01-25 17:22:48 +02:00
jpeg_encoder.h JPEG support: introducing jpeg encoding for spice bitmaps 2010-06-09 11:40:25 +02:00
main_channel.c server/red_channel: add red_channel_get_first_socket 2011-03-02 17:27:52 +02:00
main_channel.h server: split main_channel from reds 2011-01-13 06:56:51 +02:00
Makefile.am build: add --with-sasl 2011-02-28 16:36:35 +01:00
mjpeg_encoder.c Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
mjpeg_encoder.h Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
red_bitmap_utils.h Fix spelling errors in comments and strings 2010-05-21 10:51:28 +02:00
red_channel.c Revert "server/red_channel: red_channel_event: push on blocked" 2011-03-03 14:59:31 +01:00
red_channel.h server/red_channel: move out_bytes_counter from Outgoing to RedChannel 2011-03-02 17:27:53 +02:00
red_client_cache.h server/red_worker: use red_channel_pipe_item_init 2011-03-02 17:27:53 +02:00
red_client_shared_cache.h server: use red_channel_get_message_serial 2011-03-02 17:27:51 +02:00
red_common.h server/common: introduce common/spice_common.h 2011-03-02 17:27:51 +02:00
red_dispatcher.c server: rename s/peer/stream 2011-02-28 16:36:35 +01:00
red_dispatcher.h QXL: redesign. 2010-05-19 11:22:06 +02:00
red_memslots.c improve memory slot error logging. 2010-06-29 12:30:19 +02:00
red_memslots.h Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
red_parse_qxl.c client/server: warning fixes (gcc 4.6.0) 2011-01-25 17:22:48 +02:00
red_parse_qxl.h move command flags handling to the qxl parser 2010-09-14 10:41:49 +02:00
red_tunnel_worker.c server/red_channel (+): remove red_channel_add_buf 2011-03-02 17:27:52 +02:00
red_tunnel_worker.h add spice-experimental.h 2010-05-19 11:22:08 +02:00
red_worker.c server/red_worker: use red_channel_pipe_item_init 2011-03-02 17:27:53 +02:00
red_worker.h server: enabling/disabling jpeg and zlib-over-glz via spice command line args 2010-07-14 12:16:23 +03:00
reds.c server: add SASL support 2011-02-28 16:36:35 +01:00
reds.h server: add SASL support 2011-02-28 16:36:35 +01:00
smartcard.c server/red_channel (+): remove red_channel_add_buf 2011-03-02 17:27:52 +02:00
smartcard.h smartcard: server side (not enabled yet) 2010-12-07 13:31:42 +02:00
snd_worker.c server: add reds_channel_dispose() 2011-02-28 16:36:35 +01:00
snd_worker.h zap vd_interface.h 2010-05-19 11:22:07 +02:00
spice-experimental.h move chardevs out of experimental 2010-12-16 09:16:10 +01:00
spice.h server: add SASL support 2011-02-28 16:36:35 +01:00
stat.h Relicense everything from GPL to LGPL 2.1+ 2010-04-13 22:22:15 +02:00
zlib_encoder.c applying zlib compression over glz on WAN connection 2010-06-21 15:05:37 +02:00
zlib_encoder.h applying zlib compression over glz on WAN connection 2010-06-21 15:05:37 +02:00