[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH] vnc_refresh: calling vnc_update_client might free v
|
From: |
Stefano Stabellini |
|
Subject: |
[Qemu-devel] [PATCH] vnc_refresh: calling vnc_update_client might free vs |
|
Date: |
Mon, 25 Jan 2010 12:54:57 +0000 |
|
User-agent: |
Alpine 2.00 (DEB 1167 2008-08-23) |
Hi all,
this patch fixes another bug in vnc_refresh: calling vnc_update_client
might cause vs to be free()ed, in this case we cannot access vs->next
right after to examine the next item on the list.
Signed-off-by: Stefano Stabellini <address@hidden>
---
diff --git a/vnc.c b/vnc.c
index cc2a26e..92facde 100644
--- a/vnc.c
+++ b/vnc.c
@@ -2345,7 +2345,7 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
static void vnc_refresh(void *opaque)
{
VncDisplay *vd = opaque;
- VncState *vs = NULL;
+ VncState *vs = NULL, *vn = NULL;
int has_dirty = 0, rects = 0;
vga_hw_update();
@@ -2354,8 +2354,10 @@ static void vnc_refresh(void *opaque)
vs = vd->clients;
while (vs != NULL) {
+ vn = vs->next;
rects += vnc_update_client(vs, has_dirty);
- vs = vs->next;
+ /* vs might be free()ed here */
+ vs = vn;
}
/* vd->timer could be NULL now if the last client disconnected,
* in this case don't update the timer */
- [Qemu-devel] [PATCH] vnc_refresh: calling vnc_update_client might free vs,
Stefano Stabellini <=