[spice-gtk/f18] grr dist-git crap
Marc-André Lureau
elmarco at fedoraproject.org
Fri Jun 21 11:41:23 UTC 2013
commit 7c8023b69b85ac5b35ea635bf51c539846dcb190
Author: Marc-André Lureau <marcandre.lureau at gmail.com>
Date: Fri Jun 21 13:41:08 2013 +0200
grr dist-git crap
...el-Do-not-segfault-fault-if-peer_msg-was-.patch | 86 ++++++++++++++++++++
1 files changed, 86 insertions(+), 0 deletions(-)
---
diff --git a/0001-spice-channel-Do-not-segfault-fault-if-peer_msg-was-.patch b/0001-spice-channel-Do-not-segfault-fault-if-peer_msg-was-.patch
new file mode 100644
index 0000000..80eb2e3
--- /dev/null
+++ b/0001-spice-channel-Do-not-segfault-fault-if-peer_msg-was-.patch
@@ -0,0 +1,86 @@
+From b19acbca339a3a630f7f19e1fe5b7cc21fccd737 Mon Sep 17 00:00:00 2001
+From: Dunrong Huang <riegamaths at gmail.com>
+Date: Mon, 11 Mar 2013 16:30:02 +0800
+Subject: [PATCH spice-gtk] spice-channel: Do not segfault fault if peer_msg
+ was a NULL pointer
+
+$ remote-viewer spice://192.168.0.233:111 # 111 is not a valid spice port
+(remote-viewer:29381): GSpice-WARNING **: incomplete link header (-104/16)
+Segmentation fault (core dumped)
+
+$ gdb /usr/bin/remote-viewer core
+[Thread debugging using libthread_db enabled]
+Using host libthread_db library "/lib64/libthread_db.so.1".
+Core was generated by `remote-viewer spice://192.168.0.233:111'.
+Program terminated with signal 11, Segmentation fault.
+ switch_tls=0x7f9eb6855b88) at spice-channel.c:1675
+
+warning: Source file is more recent than executable.
+1675 switch (c->peer_msg->error) {
+(gdb) bt
+ switch_tls=0x7f9eb6855b88) at spice-channel.c:1675
+ at spice-channel.c:2299
+ at coroutine_ucontext.c:58
+ at continuation.c:49
+
+c->peer_msg->error was accessed without checking the validity of pointer in
+spice_channel_recv_link_msg(). Actually, c->peer_msg may be a NULL pointer if
+we got a error in spice_channel_recv_link_hdr().
+
+This patch fixes this error.
+
+Signed-off-by: Dunrong Huang <riegamaths at gmail.com>
+---
+ gtk/spice-channel.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
+index ce19634..7b9807b 100644
+--- a/gtk/spice-channel.c
++++ b/gtk/spice-channel.c
+@@ -1175,7 +1175,7 @@ static void spice_channel_switch_protocol(SpiceChannel *channel, gint version)
+ }
+
+ /* coroutine context */
+-static void spice_channel_recv_link_hdr(SpiceChannel *channel)
++static gboolean spice_channel_recv_link_hdr(SpiceChannel *channel)
+ {
+ SpiceChannelPrivate *c = channel->priv;
+ int rc;
+@@ -1204,19 +1204,20 @@ static void spice_channel_recv_link_hdr(SpiceChannel *channel)
+ goto error;
+ }
+
+- return;
++ return TRUE;
+
+ error:
+ /* Windows socket seems to give early CONNRESET errors. The server
+ does not linger when closing the socket if the protocol is
+ incompatible. Try with the oldest protocol in this case: */
+- if (c->link_hdr.major_version != 1) {
++ if (c->peer_msg != NULL && c->link_hdr.major_version != 1) {
+ SPICE_DEBUG("%s: error, switching to protocol 1 (spice 0.4)", c->name);
+ spice_channel_switch_protocol(channel, 1);
+- return;
++ return TRUE;
+ }
+
+ emit_main_context(channel, SPICE_CHANNEL_EVENT, SPICE_CHANNEL_ERROR_LINK);
++ return FALSE;
+ }
+
+ #if HAVE_SASL
+@@ -2295,7 +2296,8 @@ connected:
+ }
+
+ spice_channel_send_link(channel);
+- spice_channel_recv_link_hdr(channel);
++ if (spice_channel_recv_link_hdr(channel) == FALSE)
++ goto cleanup;
+ spice_channel_recv_link_msg(channel, &switch_tls);
+ if (switch_tls)
+ goto cleanup;
+--
+1.8.3.rc1.49.g8d97506
+
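Review bot: In the `error:` path of spice_channel_recv_link_hdr(), the new guard `c->peer_msg != NULL && c->link_hdr.major_version != 1` ties the protocol-1 fallback to a buffer that, per the commit message, is NULL when the header read fails. The early-CONNRESET retry described in the comment just above therefore looks disabled for the very `incomplete link header (-104/16)` case in the log. When the fallback does run it returns TRUE, and the caller goes straight on to spice_channel_recv_link_msg(), which reads `c->peer_msg->error`; with no header received, that buffer can presumably only hold data from an earlier attempt. Because the remote end decides whether a header arrives, it would be safer to end the handshake on every failed header, e.g. `spice_channel_switch_protocol(channel, 1); return FALSE;` (assuming the switch schedules its own reconnect, which is not visible here), and to add a NULL check on `c->peer_msg` at the top of spice_channel_recv_link_msg(). Both function bodies extend beyond the hunks, so where peer_msg is allocated and reset needs confirming against the full file.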