[mingw-spice-gtk] Fix usbredir crash on disconnection

Marc-André Lureau elmarco at fedoraproject.org
Mon Dec 22 12:18:13 UTC 2014


commit 16c75b20e62ccd63a5b85395cdd47398b3b7dbce
Author: Marc-André Lureau <marcandre.lureau at gmail.com>
Date:   Mon Dec 22 13:18:01 2014 +0100

    Fix usbredir crash on disconnection

 ...r-prevent-crash-when-calling-without-host.patch |   70 ++++++++++++++++++++
 mingw-spice-gtk.spec                               |    7 ++-
 2 files changed, 76 insertions(+), 1 deletions(-)
---
diff --git a/0007-usbredir-prevent-crash-when-calling-without-host.patch b/0007-usbredir-prevent-crash-when-calling-without-host.patch
new file mode 100644
index 0000000..87c6d88
--- /dev/null
+++ b/0007-usbredir-prevent-crash-when-calling-without-host.patch
@@ -0,0 +1,70 @@
+From 5b252b0f499601bcf387c02a4dd35d27ed34c07c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau at redhat.com>
+Date: Sat, 20 Dec 2014 01:03:09 +0100
+Subject: [PATCH spice-gtk] usbredir: prevent crash when calling without host
+
+Quite annoyingly, usbredir doesn't have public functions arguments
+preconditions, and will weirdly run the flush callback during
+initialization.
+
+With 201a8c2 change, the channel state is kept as it is when calling
+reset. This will result in the following crash that was avoided before
+thanks to a precondition on the channel to be ready. Adding a further
+precondition check on priv->host != NULL solves the following crash
+during reset():
+
+Program received signal SIGSEGV, Segmentation fault.
+usbredirhost_write_guest_data (host=0x0) at usbredirhost.c:868
+868                               return
+usbredirparser_do_write(host->parser);
+(gdb) bt
+ #0  0x00007fffb2ed24d0 in usbredirhost_write_guest_data (host=0x0) at
+ #usbredirhost.c:868
+ #1  0x00007fffc81d463b in
+ #usbredir_write_flush_callback (user_data=0x2d95250) at
+ #channel-usbredir.c:469
+ #2  0x00007fffb2ed23f9 in usbredirhost_open_full (usb_ctx=0x2baba70,
+ #usb_dev_handle=0x0, log_func=<optimized out>,
+ #read_guest_data_func=0x7fffc81d482c <usbredir_read_callback>,
+ #write_guest_data_func=0x7fffc81d4952 <usbredir_write_callback>,
+ #flush_writes_func=0x7fffc81d45c3 <usbredir_write_flush_callback>,
+ #alloc_lock_func=0x7fffc81d49f1 <usbredir_alloc_lock>,
+ #lock_func=0x7fffc81d4a41 <usbredir_lock_lock>,
+ #unlock_func=0x7fffc81d4a86 <usbredir_unlock_lock>,
+ #free_lock_func=0x7fffc81d4acb <usbredir_free_lock>,
+ #func_priv=0x2d95250, version=0x7fffc8283dcf "spice-gtk
+ #0.27.7-89db-dirty", verbose=4, flags=1) at usbredirhost.c:748
+ #3  0x00007fffc81d3b22 in
+ #spice_usbredir_channel_set_context (channel=0x2d95250
+ #[SpiceUsbredirChannel], context=0x2baba70) at channel-usbredir.c:212
+ #4  0x00007fffc81d37a9 in spice_usbredir_channel_reset (c=0x2d95250
+ #[SpiceUsbredirChannel], migrating=0)
+ at channel-usbredir.c:125
+ #5  0x00007fffc81b7f8d in spice_channel_reset (channel=0x2d95250
+ [SpiceUsbredirChannel], migrating=0)
+ at spice-channel.c:2688
+ #6  0x00007fffc81b8057 in channel_disconnect (channel=0x2d95250
+ [SpiceUsbredirChannel]) at spice-channel.c:2706
+ #7  0x00007fffc81b7559 in
+ spice_channel_coroutine (data=0x2d95250) at spice-channel.c:2490
+---
+ gtk/channel-usbredir.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/gtk/channel-usbredir.c b/gtk/channel-usbredir.c
+index 5238566..b1a91fb 100644
+--- a/gtk/channel-usbredir.c
++++ b/gtk/channel-usbredir.c
+@@ -466,6 +466,9 @@ static void usbredir_write_flush_callback(void *user_data)
+             SPICE_CHANNEL_STATE_READY)
+         return;
+ 
++    if (!priv->host)
++        return;
++
+     usbredirhost_write_guest_data(priv->host);
+ }
+ 
+-- 
+2.1.0
+
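Review bot: The added `if (!priv->host) return;` guard in usbredir_write_flush_callback carries no comment saying why the host can be NULL at this point. The backtrace in the patch description shows the callback being entered from inside usbredirhost_open_full(), presumably before its result has been stored in priv->host. A one-line comment above the check would keep a later cleanup from removing it, for example `/* usbredirhost_open_full() may call us before priv->host is set */`. The guard also silently discards that flush request, so it is worth confirming that data queued during open is still written once the host exists; the patch does not show where that would happen. The function's body starts above the hunk, so the state check and the origin of `priv` are only partly visible here.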
diff --git a/mingw-spice-gtk.spec b/mingw-spice-gtk.spec
index 80c0644..0bb6522 100644
--- a/mingw-spice-gtk.spec
+++ b/mingw-spice-gtk.spec
@@ -2,7 +2,7 @@
 
 Name:           mingw-spice-gtk
 Version:        0.27
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        A GTK+ widget for SPICE clients
 
 License:        LGPLv2+
@@ -14,6 +14,7 @@ Patch0003:      0003-channel-do-not-enter-channel-iterate-on-early-error.patch
 Patch0004:      0004-channel-introduce-SPICE_CHANNEL_STATE_RECONNECTING.patch
 Patch0005:      0005-channel-throw-auth-error-when-coroutine-ends.patch
 Patch0006:      0006-channel-clear-channel-error-after-auth-error.patch
+Patch0007:      0007-usbredir-prevent-crash-when-calling-without-host.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildArch: noarch
@@ -136,6 +137,7 @@ pushd spice-gtk-%{version}%{?_version_suffix}
 %patch0004 -p1
 %patch0005 -p1
 %patch0006 -p1
+%patch0007 -p1
 popd
 
 if [ -n '%{?_version_suffix}' ]; then
@@ -285,6 +287,9 @@ rm -rf $RPM_BUILD_ROOT
 %{mingw64_libdir}/libspice-client-gtk-3.0.a
 
 %changelog
+* Mon Dec 22 2014 Marc-André Lureau <marcandre.lureau at redhat.com> 0.27-3
+- Fix usbredir crash on disconnection.
+
 * Tue Dec 16 2014 Marc-André Lureau <marcandre.lureau at redhat.com> 0.27-2
 - Fix authentication error handling regression.
 

