From 51fa9b5b1d1c322206f7056d56bb74b1759a8161 Mon Sep 17 00:00:00 2001
From: Victor Toso <victortoso@redhat.com>
Date: Thu, 12 May 2016 22:18:44 +0200
Subject: [PATCH 07/15] file-xfer: fix segfault on agent disconnection
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We are checking self->priv->error but accessing the argument GError *
which is NULL and leads to a segfault.
Program received signal SIGSEGV, Segmentation fault.
spice_file_transfer_task_completed (self=self@entry=0x7fffd0006f00, error=0x0) at channel-main.c:2963
2963 VDAgentFileXferStatusMessage msg = {
(gdb) bt
#0 spice_file_transfer_task_completed (self=self@entry=0x7fffd0006f00, error=0x0) at channel-main.c:2963
#1 in file_xfer_data_flushed_cb (source_object=0x7cc1d0, res=0x953390, user_data=user_data@entry=0x7fffd0006f00) at channel-main.c:1857
#2 in g_task_return_now (task=0x953390) at gtask.c:1108
#3 in g_task_return (task=0x953390, type=<optimized out>) at gtask.c:1166
#4 in flush_foreach_remove (key=<optimized out>, value=<optimized out>, user_data=<optimized out>) at channel-main.c:928
#5 in g_hash_table_foreach_remove_or_steal (hash_table=0x70cea0, func=func@entry=0x7ffff5616f10 <flush_foreach_remove>, user_data=user_data@entry=0x0, notify=notify@entry=1) at ghash.c:1492
#6 in g_hash_table_foreach_remove (hash_table=<optimized out>, func=func@entry=0x7ffff5616f10 <flush_foreach_remove>, user_data=user_data@entry=0x0) at ghash.c:1538
#7 in file_xfer_flushed (success=0, channel=0x7cc1d0) at channel-main.c:936
#8 spice_main_channel_reset_agent (channel=0x7cc1d0) at channel-main.c:466
#9 set_agent_connected (channel=0x7cc1d0, connected=connected@entry=0) at channel-main.c:1572
#10 in spice_main_channel_reset (channel=0x7cc1d0, migrating=0) at channel-main.c:485
#11 in spice_channel_coroutine (data=0x7cc1d0) at spice-channel.c:2564
#12 in coroutine_trampoline (cc=0x7cb860) at coroutine_ucontext.c:63
#13 in continuation_trampoline (i0=<optimized out>, i1=<optimized out>) at continuation.c:55
#14 in ?? () from /lib64/libc.so.6
#15 in ?? ()
#16 in ?? ()
Backtrace stopped: Cannot access memory at address
Acked-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit a61c1ff0ac34fded8f71e528594c3f548479cd44)
---
src/channel-main.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/channel-main.c b/src/channel-main.c
index 2ad1ece..7f4d0b3 100644
--- a/src/channel-main.c
+++ b/src/channel-main.c
@@ -2944,7 +2944,7 @@ static void spice_file_transfer_task_completed(SpiceFileTransferTask *self,
if (self->priv->error) {
VDAgentFileXferStatusMessage msg = {
.id = self->priv->id,
- .result = error->code == G_IO_ERROR_CANCELLED ?
+ .result = self->priv->error->code == G_IO_ERROR_CANCELLED ?
VD_AGENT_FILE_XFER_STATUS_CANCELLED : VD_AGENT_FILE_XFER_STATUS_ERROR,
};
agent_msg_queue_many(self->priv->channel, VD_AGENT_FILE_XFER_STATUS,
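Review bot: The cancelled-versus-error decision on the `.result` line compares only `->code`, so a GError from another domain whose numeric code happens to equal `G_IO_ERROR_CANCELLED` would be reported to the agent as a cancellation. Checking the domain as well is the usual GLib form: `.result = g_error_matches(self->priv->error, G_IO_ERROR, G_IO_ERROR_CANCELLED) ?`. Whether non-GIO errors can reach this field is not visible here, because the function body starts before the hunk and continues past it.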
@@ -2966,7 +2966,7 @@ static void spice_file_transfer_task_completed(SpiceFileTransferTask *self,
self);
self->priv->pending = TRUE;
signal:
- g_signal_emit(self, task_signals[SIGNAL_FINISHED], 0, error);
+ g_signal_emit(self, task_signals[SIGNAL_FINISHED], 0, self->priv->error);
}
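Review bot: Nothing at the `signal:` label says why the stored error is emitted rather than the `error` argument, and the commit message shows the two can differ (the argument was NULL on agent disconnection while `self->priv->error` was set). A short comment would keep a later cleanup from reverting to the parameter: `/* emit the stored error: the argument may be NULL when a failure was already recorded */`. The function's header comment could also state who owns `self->priv->error` while handlers of the finished signal run. The start of the function is outside the hunk, so how the argument is folded into the stored field cannot be checked from here.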
--
2.5.5