[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 3/3] vnc: fix possible uninitialized removals
From: |
Tim Hardeck |
Subject: |
[Qemu-devel] [PATCH 3/3] vnc: fix possible uninitialized removals |
Date: |
Tue, 8 Jan 2013 11:27:19 +0100 |
Some VncState values are not initialized before the Websocket handshake.
If it fails QEMU segfaults during the cleanup. To prevent this behavior
intialization checks are added.
Signed-off-by: Tim Hardeck <address@hidden>
---
ui/vnc.c | 11 ++++++++---
ui/vnc.h | 1 +
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index ee08894..ff4e2ae 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1053,20 +1053,24 @@ void vnc_disconnect_finish(VncState *vs)
audio_del(vs);
vnc_release_modifiers(vs);
- QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+ if (vs->initialized) {
+ QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+ qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
+ }
if (QTAILQ_EMPTY(&vs->vd->clients)) {
dcl->idle = 1;
}
- qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
vnc_remove_timer(vs->vd);
if (vs->vd->lock_key_sync)
qemu_remove_led_event_handler(vs->led);
vnc_unlock_output(vs);
qemu_mutex_destroy(&vs->output_mutex);
- qemu_bh_delete(vs->bh);
+ if (vs->bh != NULL) {
+ qemu_bh_delete(vs->bh);
+ }
buffer_free(&vs->jobs_buffer);
for (i = 0; i < VNC_STAT_ROWS; ++i) {
@@ -2749,6 +2753,7 @@ static void vnc_connect(VncDisplay *vd, int csock, int
skipauth, bool websocket)
void vnc_init_state(VncState *vs)
{
+ vs->initialized = true;
VncDisplay *vd = vs->vd;
vs->ds = vd->ds;
diff --git a/ui/vnc.h b/ui/vnc.h
index f93c89a..45d7686 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -306,6 +306,7 @@ struct VncState
QEMUPutLEDEntry *led;
bool abort;
+ bool initialized;
QemuMutex output_mutex;
QEMUBH *bh;
Buffer jobs_buffer;
--
1.7.10.4