Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
spice
0002-worker-avoid-double-free-or-double-create-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0002-worker-avoid-double-free-or-double-create-of-surface.patch of Package spice
From 097c638b121e595d9daf79285c447088027a58e2 Mon Sep 17 00:00:00 2001 From: Frediano Ziglio <fziglio@redhat.com> Date: Wed, 9 Sep 2015 12:45:06 +0100 Subject: [PATCH 02/19] worker: avoid double free or double create of surfaces A driver can overwrite surface state creating a surface with the same id of a previous one. Also can try to destroy surfaces that are not created. Both requests cause invalid internal states that could lead to crashes or memory corruptions. Signed-off-by: Frediano Ziglio <fziglio@redhat.com> --- server/red_worker.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) Index: spice-0.12.4/server/red_worker.c =================================================================== --- spice-0.12.4.orig/server/red_worker.c +++ spice-0.12.4/server/red_worker.c @@ -4313,6 +4313,10 @@ static inline void red_process_surface(R int32_t stride = surface->u.surface_create.stride; int reloaded_surface = loadvm || (surface->flags & QXL_SURF_FLAG_KEEP_DATA); + if (red_surface->refs) { + spice_warning("avoiding creating a surface twice"); + break; + } data = surface->u.surface_create.data; if (stride < 0) { data -= (int32_t)(stride * (height - 1)); @@ -4326,7 +4330,10 @@ static inline void red_process_surface(R break; } case QXL_SURFACE_CMD_DESTROY: - spice_warn_if(!red_surface->context.canvas); + if (!red_surface->refs) { + spice_warning("avoiding destroying a surface twice"); + break; + } set_surface_release_info(worker, surface_id, 0, surface->release_info, group_id); red_handle_depends_on_target_surface(worker, surface_id); /* note that red_handle_depends_on_target_surface must be called before red_current_clear.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor