[phodav,05/13] spice: clear loop pointer on unref

Submitted by Jakub Janku on May 23, 2019, 8:37 a.m.

Details

Message ID 20190523083725.1554-6-jjanku@redhat.com
State New
Headers show
Series "Miscellaneous series" ( rev: 1 ) in Spice

Not browsing as part of any series.

Commit Message

Jakub Janku May 23, 2019, 8:37 a.m.
The pointer to loop must be set to NULL on unref.

Quit signal handler can be called at any time,
using g_main_loop_quit() on a freed loop could lead to segfault.

Signed-off-by: Jakub Janků <jjanku@redhat.com>
---
 spice/spice-webdavd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Patch hide | download patch | download mbox

diff --git a/spice/spice-webdavd.c b/spice/spice-webdavd.c
index 6ad63c5..3fac28b 100644
--- a/spice/spice-webdavd.c
+++ b/spice/spice-webdavd.c
@@ -243,7 +243,8 @@  quit (int sig)
   if (sig == SIGINT || sig == SIGTERM)
       quit_service = TRUE;
 
-  g_main_loop_quit (loop);
+  if (loop)
+    g_main_loop_quit (loop);
 }
 
 static Client *
@@ -982,7 +983,7 @@  run_service (ServiceData *service_data)
 
   start_mux_read (mux_istream);
   g_main_loop_run (loop);
-  g_main_loop_unref (loop);
+  g_clear_pointer (&loop, g_main_loop_unref);
 
 #ifdef G_OS_WIN32
   g_cancellable_cancel (map_drive_data.cancel_map);

Comments

On Thu, May 23, 2019 at 10:37 AM Jakub Janků <jjanku@redhat.com> wrote:
>
> The pointer to loop must be set to NULL on unref.
>
> Quit signal handler can be called at any time,
> using g_main_loop_quit() on a freed loop could lead to segfault.

I am not sure if this is enough to solve the race you describe
(handler could still be called before loop is set to null, right?),
but the change seems to go in the right direction.

ack

>
> Signed-off-by: Jakub Janků <jjanku@redhat.com>
> ---
>  spice/spice-webdavd.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/spice/spice-webdavd.c b/spice/spice-webdavd.c
> index 6ad63c5..3fac28b 100644
> --- a/spice/spice-webdavd.c
> +++ b/spice/spice-webdavd.c
> @@ -243,7 +243,8 @@ quit (int sig)
>    if (sig == SIGINT || sig == SIGTERM)
>        quit_service = TRUE;
>
> -  g_main_loop_quit (loop);
> +  if (loop)
> +    g_main_loop_quit (loop);
>  }
>
>  static Client *
> @@ -982,7 +983,7 @@ run_service (ServiceData *service_data)
>
>    start_mux_read (mux_istream);
>    g_main_loop_run (loop);
> -  g_main_loop_unref (loop);
> +  g_clear_pointer (&loop, g_main_loop_unref);
>
>  #ifdef G_OS_WIN32
>    g_cancellable_cancel (map_drive_data.cancel_map);
> --
> 2.21.0
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel