|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH] vnc_refresh: calling vnc_update_client might free vs |
Date: | Tue, 26 Jan 2010 18:07:14 -0600 |
User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Lightning/1.0pre Thunderbird/3.0 |
On 01/25/2010 06:54 AM, Stefano Stabellini wrote:
Hi all, this patch fixes another bug in vnc_refresh: calling vnc_update_client might cause vs to be free()ed, in this case we cannot access vs->next right after to examine the next item on the list. Signed-off-by: Stefano Stabellini<address@hidden>
Applied. Thanks. Regards, Anthony Liguori
--- diff --git a/vnc.c b/vnc.c index cc2a26e..92facde 100644 --- a/vnc.c +++ b/vnc.c @@ -2345,7 +2345,7 @@ static int vnc_refresh_server_surface(VncDisplay *vd) static void vnc_refresh(void *opaque) { VncDisplay *vd = opaque; - VncState *vs = NULL; + VncState *vs = NULL, *vn = NULL; int has_dirty = 0, rects = 0; vga_hw_update(); @@ -2354,8 +2354,10 @@ static void vnc_refresh(void *opaque) vs = vd->clients; while (vs != NULL) { + vn = vs->next; rects += vnc_update_client(vs, has_dirty); - vs = vs->next; + /* vs might be free()ed here */ + vs = vn; } /* vd->timer could be NULL now if the last client disconnected, * in this case don't update the timer */
[Prev in Thread] | Current Thread | [Next in Thread] |