diff options
| author | Li Qiang <liq3ea@gmail.com> | 2017-02-21 00:18:27 -0800 |
|---|---|---|
| committer | Paolo Bonzini <pbonzini@redhat.com> | 2017-03-03 16:40:03 +0100 |
| commit | f20e6f8cd42acae9a130b9e0bcd47b0d7e39f253 (patch) | |
| tree | ee1f1744072b9b2ec31789c265970d137c6b3ffc | |
| parent | f6f99b48087696812241d6c54f97444de6364c24 (diff) | |
| download | qemu-f20e6f8cd42acae9a130b9e0bcd47b0d7e39f253.zip qemu-f20e6f8cd42acae9a130b9e0bcd47b0d7e39f253.tar.gz qemu-f20e6f8cd42acae9a130b9e0bcd47b0d7e39f253.tar.bz2 | |
spice-char: fix segfault in char_spice_finalize
In 'qemu_chr_open_spice_vmc' if the 'psubtype' is NULL, it will
call 'char_spice_finalize'. But as the SpiceChardev is not inserted
in the 'spice_chars' list, the 'QLIST_REMOVE' will cause a segfault.
Add a detect to avoid it.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
Message-Id: <1487665107-88004-1-git-send-email-liqiang6-s@360.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Li Qiang <liq3ea@gmail.com>
| -rw-r--r-- | spice-qemu-char.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/spice-qemu-char.c b/spice-qemu-char.c index 6f46f46..4d1c76e 100644 --- a/spice-qemu-char.c +++ b/spice-qemu-char.c @@ -215,7 +215,10 @@ static void char_spice_finalize(Object *obj) SpiceChardev *s = SPICE_CHARDEV(obj); vmc_unregister_interface(s); - QLIST_REMOVE(s, next); + + if (s->next.le_prev) { + QLIST_REMOVE(s, next); + } g_free((char *)s->sin.subtype); #if SPICE_SERVER_VERSION >= 0x000c02 |