From 6e7401410f3fa8e817c6367a9fc120675c8c8d20 Mon Sep 17 00:00:00 2001
From: Victor Toso <me@victortoso.com>
Date: Tue, 29 Nov 2016 22:34:04 +0100
Subject: [PATCH] channel-usbredir: Fix crash on channel-up
SpiceSession does not initialize its SpiceUsbDeviceManager object on
startup that could lead to a race condition where channel-usbredir is
requested to flush data while it is uninitialized.
spice_usb_device_manager_get() is called in a few places, such as
usb-device-widget.c and spice-gtk-session.c, but not in spicy-stats,
which makes the tool crash on startup if it encounters a usbredir
channel.
#0 in usbredirhost_write_guest_data (host=0x0) at usbredir/usbredirhost/usbredirhost.c:876
#1 in spice_usbredir_channel_up (c=0x643830) at channel-usbredir.c:821
#2 in spice_channel_up (channel=0x643830) at spice-channel.c:1238
#3 in spice_channel_recv_auth (channel=0x643830) at spice-channel.c:1225
#4 in spice_channel_coroutine (data=0x643830) at spice-channel.c:2580
#5 in coroutine_trampoline (cc=0x642ec0) at coroutine_ucontext.c:63
#6 in continuation_trampoline (i0=6565568, i1=0) at continuation.c:55
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1399838
Signed-off-by: Victor Toso <victortoso@redhat.com>
Reported-by: Michael Cullen <michael@cullen-online.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
(cherry picked from commit 291f3e4419e6fb4077ae43a5e09eb1c37b9dd729)
---
src/spice-session.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/spice-session.c b/src/spice-session.c
index 860461f..a1786af 100644
--- a/src/spice-session.c
+++ b/src/spice-session.c
@@ -282,6 +282,7 @@ static void spice_session_init(SpiceSession *session)
{
SpiceSessionPrivate *s;
gchar *channels;
+ GError *err = NULL;
SPICE_DEBUG("New session (compiled from package " PACKAGE_STRING ")");
s = session->priv = SPICE_SESSION_GET_PRIVATE(session);
@@ -294,6 +295,12 @@ static void spice_session_init(SpiceSession *session)
s->images = cache_image_new((GDestroyNotify)pixman_image_unref);
s->glz_window = glz_decoder_window_new();
update_proxy(session, NULL);
+
+ s->usb_manager = spice_usb_device_manager_get(session, &err);
+ if (err != NULL) {
+ SPICE_DEBUG("Could not initialize SpiceUsbDeviceManager - %s", err->message);
+ g_clear_error(&err);
+ }
}
static void
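Review bot: When spice_usb_device_manager_get() fails, the added error branch only logs at debug level and the session carries on, presumably with s->usb_manager left NULL. In that case the usbredir channel may still come up against an uninitialized host, which is the state the commit's backtrace shows (host=0x0 in usbredirhost_write_guest_data). Because that path runs as soon as the channel comes up on connect, spice_usbredir_channel_up() in channel-usbredir.c (not visible in this patch) should probably also check for a missing host before flushing, so a failed manager init cannot end in a NULL dereference. I would also make the failure visible without debug output, e.g. `g_warning("Could not initialize SpiceUsbDeviceManager - %s", err->message);`. spice_session_init() begins before this hunk, so this is based only on the lines shown.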
--
2.11.0