|
 |
e2c81d |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
e2c81d |
From: Victor Toso <victortoso@redhat.com>
|
|
|
e2c81d |
Date: Fri, 13 Nov 2015 10:44:55 +0100
|
|
|
e2c81d |
Subject: [PATCH] char-device: set to NULL freed pointers on destroy
|
|
|
e2c81d |
|
|
|
e2c81d |
As SpiceCharDeviceState is only unref'ed on
|
|
|
e2c81d |
spice_char_device_state_destroy the same device could be destroyed more
|
|
|
e2c81d |
then once so the pointers that are freed should be set to NULL.
|
|
|
e2c81d |
|
|
|
e2c81d |
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1281455
|
|
|
e2c81d |
---
|
|
|
e2c81d |
server/char_device.c | 2 ++
|
|
|
e2c81d |
1 file changed, 2 insertions(+)
|
|
|
e2c81d |
|
|
|
e2c81d |
diff --git a/server/char_device.c b/server/char_device.c
|
|
|
e2c81d |
index dd367ab..285299c 100644
|
|
|
e2c81d |
--- a/server/char_device.c
|
|
|
e2c81d |
+++ b/server/char_device.c
|
|
|
e2c81d |
@@ -724,10 +724,12 @@ void spice_char_device_state_destroy(SpiceCharDeviceState *char_dev)
|
|
|
e2c81d |
reds_on_char_device_state_destroy(char_dev);
|
|
|
e2c81d |
if (char_dev->write_to_dev_timer) {
|
|
|
e2c81d |
core->timer_remove(char_dev->write_to_dev_timer);
|
|
|
e2c81d |
+ char_dev->write_to_dev_timer = NULL;
|
|
|
e2c81d |
}
|
|
|
e2c81d |
write_buffers_queue_free(&char_dev->write_queue);
|
|
|
e2c81d |
write_buffers_queue_free(&char_dev->write_bufs_pool);
|
|
|
e2c81d |
spice_char_device_write_buffer_free(char_dev->cur_write_buf);
|
|
|
e2c81d |
+ char_dev->cur_write_buf = NULL;
|
|
|
e2c81d |
|
|
|
e2c81d |
while (!ring_is_empty(&char_dev->clients)) {
|
|
|
e2c81d |
RingItem *item = ring_get_tail(&char_dev->clients);
|