From: Gerd Hoffmann
Subject: [Qemu-devel] [PULL 2/9] vnc: Fix qemu crashed when vnc client disconnect suddenly
Date: Mon, 10 Mar 2014 13:49:06 +0100
From: "Gonglei (Arei)" <address@hidden>
Hi,

When I use the RealVNC viewer client (http://www.realvnc.com/) to connect to the vnc
server, the client disconnects suddenly, and I click the reconnect button immediately;
then QEMU crashes.

In the function vnc_worker_thread_loop, vnc_async_encoding_start is called to set the
local vs->output buffer from the global queue's buffer. Then rectangles are sent to
the vnc client by calling the function vnc_send_framebuffer_update. Finally, under
normal circumstances, vnc_async_encoding_end is called to set the global queue's
buffer from the local vs->output, conversely.

When the vnc client disconnects, job->vs->csock will be set to -1, and the current
process logic will goto the disconnected portion without calling the function
vnc_async_encoding_end.

But the function vnc_send_framebuffer_update will call buffer_reserve, which may call
g_realloc and reset the local vs's buffer, meaning the global queue's buffer is
modified also. If anyone uses the original global queue's buffer memory, this will
cause corruption and then crash QEMU.

This patch assures that the function vnc_async_encoding_end is called even though the
vnc client disconnected suddenly.
Signed-off-by: Gonglei <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
ui/vnc-jobs.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 2d3fce8..a141f40 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -252,6 +252,8 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
if (job->vs->csock == -1) {
vnc_unlock_display(job->vs->vd);
+ /* Copy persistent encoding data */
+ vnc_async_encoding_end(job->vs, &vs);
goto disconnected;
}
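Review bot: the new vnc_async_encoding_end(job->vs, &vs) call sits right after vnc_unlock_display(job->vs->vd), and this hunk does not show whether the output lock on job->vs is held at that point, whereas in the second hunk the same call is made before vnc_unlock_output(job->vs). Please confirm the copy-back here runs under the same lock as the normal path, or extend the "Copy persistent encoding data" comment to say why no lock is needed on this early-exit path.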
@@ -278,6 +280,9 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
vnc_async_encoding_end(job->vs, &vs);
qemu_bh_schedule(job->vs->bh);
+ } else {
+ /* Copy persistent encoding data */
+ vnc_async_encoding_end(job->vs, &vs);
}
vnc_unlock_output(job->vs);
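Review bot: the added else branch duplicates the vnc_async_encoding_end(job->vs, &vs) call that the if branch already makes just above it, so both arms now end with the same statement. Hoisting that call above the if (keeping only qemu_bh_schedule(job->vs->bh) conditional) removes the else block and the duplicated "Copy persistent encoding data" comment, and makes it harder for a future path to skip the copy-back again.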
--
1.8.3.1
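The hazard the commit message describes is a by-value copy of a struct that owns a heap buffer: the worker's local copy reallocates the block, and the original (the queue's copy) keeps the stale pointer unless the copy-back runs on every exit path. The following is an added example written for this page, not QEMU code; Buffer, buffer_reserve, encoding_start, encoding_end and run_job are this example's own names standing in for the vnc functions named above, and the stand-in buffer_reserve always moves the block so the hazard reproduces deterministically (QEMU's uses g_realloc, which may or may not move it).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of the queue/worker buffer hand-off described in the
 * commit message. All names here are this example's own, not QEMU's. */
typedef struct {
    uint8_t *buffer;
    size_t capacity;
    size_t offset;
} Buffer;

/* Stand-in for buffer_reserve(): make room for len more bytes. QEMU's
 * version uses g_realloc, which may or may not move the block; here the
 * block always moves so the hazard is reproducible. */
static void buffer_reserve(Buffer *b, size_t len)
{
    if (b->capacity - b->offset >= len) {
        return;
    }
    size_t new_cap = b->capacity + len + 1024;
    uint8_t *n = malloc(new_cap);
    if (!n) {
        abort();
    }
    memcpy(n, b->buffer, b->offset);
    free(b->buffer);            /* old block is gone from now on */
    b->buffer = n;
    b->capacity = new_cap;
}

static void buffer_append(Buffer *b, const void *data, size_t len)
{
    buffer_reserve(b, len);
    memcpy(b->buffer + b->offset, data, len);
    b->offset += len;
}

/* Copy-in / copy-back, the shape of vnc_async_encoding_start/end: the worker
 * takes the queue's Buffer by value, so both structs point at one heap block
 * until the copy-back publishes whatever the worker reallocated. */
static void encoding_start(Buffer *global, Buffer *local)
{
    *local = *global;
}

static void encoding_end(Buffer *global, const Buffer *local)
{
    *global = *local;
}

typedef struct {
    uintptr_t global_ptr;   /* where the queue's Buffer points afterwards */
    uintptr_t freed_ptr;    /* block released by buffer_reserve(), 0 if none */
    bool dangling;          /* queue still references the freed block */
} JobResult;

/* One worker-loop iteration. 'disconnect' models csock becoming -1 after
 * the framebuffer update was encoded; 'fixed' models the patch, which runs
 * the copy-back on the disconnect path as well. */
static JobResult run_job(bool disconnect, bool fixed)
{
    JobResult r = {0, 0, false};
    Buffer global = { malloc(16), 16, 0 };
    Buffer local;
    uintptr_t before;
    uint8_t rect[64];

    if (!global.buffer) {
        abort();
    }
    encoding_start(&global, &local);

    /* Encoding a 64-byte rectangle into a 16-byte buffer forces the move. */
    before = (uintptr_t)local.buffer;
    memset(rect, 0xAB, sizeof rect);
    buffer_append(&local, rect, sizeof rect);
    if ((uintptr_t)local.buffer != before) {
        r.freed_ptr = before;
    }

    if (disconnect) {
        if (fixed) {
            encoding_end(&global, &local);   /* what the patch adds */
        }
        goto disconnected;                    /* original path skipped copy-back */
    }
    encoding_end(&global, &local);

disconnected:
    r.global_ptr = (uintptr_t)global.buffer;
    r.dangling = (r.freed_ptr != 0 && r.global_ptr == r.freed_ptr);
    free(local.buffer);   /* the live block is always the worker's copy */
    return r;
}

int main(void)
{
    printf("normal path      dangling=%d\n", run_job(false, false).dangling);
    printf("disconnect, old  dangling=%d\n", run_job(true, false).dangling);
    printf("disconnect, fix  dangling=%d\n", run_job(true, true).dangling);
    return 0;
}
```

The example only compares pointer values and never touches the freed block; in the real loop the next job's copy-in would hand the stale global pointer back to the worker, and the next buffer_reserve or memcpy through it would write into memory the allocator has already reused, which is the corruption the message reports.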