[1/3] compositor-rdp: fix leak of frame bitmap in raw mode

Submitted by Olivier Blin on July 6, 2017, 10:06 a.m.

Details

Message ID 20170706100615.24264-2-olivier.blin@softathome.com
State New
Headers show
Series "Remote display with 3D acceleration using Wayland/Weston" ( rev: 3 ) in Wayland

Browsing this patch as part of:
"Remote display with 3D acceleration using Wayland/Weston" rev 3 in Wayland
<< prev patch [1/1] next patch >>

Commit Message

Olivier Blin July 6, 2017, 10:06 a.m.
In rdp_peer_refresh_raw(), cmd->bitmapData was reallocated, but never freed.

The cmd content (actually peer->update->surface_bits_command) was
re-initialized to zero at the beginning of the function, losing the
pointer to the previously allocated bitmap data.

Move the bitmap data in the peer->context structure instead, so that
it can be reused for every frame, and freed at destruction.
---
 libweston/compositor-rdp.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/libweston/compositor-rdp.c b/libweston/compositor-rdp.c
index 091472b0..7b1ab06d 100644
--- a/libweston/compositor-rdp.c
+++ b/libweston/compositor-rdp.c
@@ -142,6 +142,7 @@  struct rdp_peer_context {
 	wStream *encode_stream;
 	RFX_RECT *rfx_rects;
 	NSC_CONTEXT *nsc_context;
+	BYTE * bitmapData;
 
 	struct rdp_peers_item item;
 };
@@ -312,7 +313,10 @@  rdp_peer_refresh_raw(pixman_region32_t *region, pixman_image_t *image, freerdp_p
 			   cmd->destTop = top;
 			   cmd->destBottom = top + cmd->height;
 			   cmd->bitmapDataLength = cmd->width * cmd->height * 4;
-			   cmd->bitmapData = (BYTE *)realloc(cmd->bitmapData, cmd->bitmapDataLength);
+
+			   RdpPeerContext *context = (RdpPeerContext *)peer->context;
+			   context->bitmapData = (BYTE *)realloc(context->bitmapData, cmd->bitmapDataLength);
+			   cmd->bitmapData = context->bitmapData;
 
 			   subrect.y1 = top;
 			   subrect.y2 = top + cmd->height;
@@ -659,6 +663,7 @@  int rdp_implant_listener(struct rdp_backend *b, freerdp_listener* instance)
 static FREERDP_CB_RET_TYPE
 rdp_peer_context_new(freerdp_peer* client, RdpPeerContext* context)
 {
+	context->bitmapData = NULL;
 	context->item.peer = client;
 	context->item.flags = RDP_PEER_OUTPUT_ENABLED;
 
@@ -715,6 +720,8 @@  rdp_peer_context_free(freerdp_peer* client, RdpPeerContext* context)
 		 * but it would crash on reconnect */
 	}
 
+	free(context->bitmapData);
+
 	Stream_Free(context->encode_stream, TRUE);
 	nsc_context_free(context->nsc_context);
 	rfx_context_free(context->rfx_context);

Comments

Le 06/07/2017 à 12:06, Olivier Blin a écrit :
> In rdp_peer_refresh_raw(), cmd->bitmapData was reallocated, but never freed.
> 
> The cmd content (actually peer->update->surface_bits_command) was
> re-initialized to zero at the beginning of the function, losing the
> pointer to the previously allocated bitmap data.
> 
> Move the bitmap data in the peer->context structure instead, so that
> it can be reused for every frame, and freed at destruction.
> ---
>  libweston/compositor-rdp.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/libweston/compositor-rdp.c b/libweston/compositor-rdp.c
> index 091472b0..7b1ab06d 100644
> --- a/libweston/compositor-rdp.c
> +++ b/libweston/compositor-rdp.c
> @@ -142,6 +142,7 @@ struct rdp_peer_context {
>  	wStream *encode_stream;
>  	RFX_RECT *rfx_rects;
>  	NSC_CONTEXT *nsc_context;
> +	BYTE * bitmapData;
>  
>  	struct rdp_peers_item item;
>  };
> @@ -312,7 +313,10 @@ rdp_peer_refresh_raw(pixman_region32_t *region, pixman_image_t *image, freerdp_p
>  			   cmd->destTop = top;
>  			   cmd->destBottom = top + cmd->height;
>  			   cmd->bitmapDataLength = cmd->width * cmd->height * 4;
> -			   cmd->bitmapData = (BYTE *)realloc(cmd->bitmapData, cmd->bitmapDataLength);
> +
> +			   RdpPeerContext *context = (RdpPeerContext *)peer->context;
> +			   context->bitmapData = (BYTE *)realloc(context->bitmapData, cmd->bitmapDataLength);
> +			   cmd->bitmapData = context->bitmapData;
>  
>  			   subrect.y1 = top;
>  			   subrect.y2 = top + cmd->height;
> @@ -659,6 +663,7 @@ int rdp_implant_listener(struct rdp_backend *b, freerdp_listener* instance)
>  static FREERDP_CB_RET_TYPE
>  rdp_peer_context_new(freerdp_peer* client, RdpPeerContext* context)
>  {
> +	context->bitmapData = NULL;
>  	context->item.peer = client;
>  	context->item.flags = RDP_PEER_OUTPUT_ENABLED;
>  
> @@ -715,6 +720,8 @@ rdp_peer_context_free(freerdp_peer* client, RdpPeerContext* context)
>  		 * but it would crash on reconnect */
>  	}
>  
> +	free(context->bitmapData);
> +
>  	Stream_Free(context->encode_stream, TRUE);
>  	nsc_context_free(context->nsc_context);
>  	rfx_context_free(context->rfx_context);
> 

Reviewed-by: David Fort <contact@hardening-consulting.com>