authorTim Hardeck <thardeck@suse.de>2013-01-21 11:04:45 +0100
committerAnthony Liguori <aliguori@us.ibm.com>2013-01-21 13:33:12 -0600
commit6fd8e79af031d8cfc0eb02d40d03281917fcb27b (patch)
tree6fc46c4b8eef0ac65e9a9f3ac1f446dacdf83f1d /ui
parent7536ee4bc3da7e9b7fdadba5ba6ade63eaace430 (diff)
vnc: fix possible uninitialized removals
Some VncState values are not initialized before the Websocket handshake. If it fails, QEMU segfaults during the cleanup. To prevent this behavior, initialization checks are added. Signed-off-by: Tim Hardeck <thardeck@suse.de> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'ui')
-rw-r--r--ui/vnc.c11
-rw-r--r--ui/vnc.h1
2 files changed, 9 insertions, 3 deletions
diff --git a/ui/vnc.c b/ui/vnc.c
index ee08894..ff4e2ae 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1053,20 +1053,24 @@ void vnc_disconnect_finish(VncState *vs)
audio_del(vs);
vnc_release_modifiers(vs);
- QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+ if (vs->initialized) {
+ QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+ qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
+ }
if (QTAILQ_EMPTY(&vs->vd->clients)) {
dcl->idle = 1;
}
- qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
vnc_remove_timer(vs->vd);
if (vs->vd->lock_key_sync)
qemu_remove_led_event_handler(vs->led);
vnc_unlock_output(vs);
qemu_mutex_destroy(&vs->output_mutex);
- qemu_bh_delete(vs->bh);
+ if (vs->bh != NULL) {
+ qemu_bh_delete(vs->bh);
+ }
buffer_free(&vs->jobs_buffer);
for (i = 0; i < VNC_STAT_ROWS; ++i) {
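Review bot: The new `if (vs->initialized)` and `if (vs->bh != NULL)` guards only hold if the VncState was zero-filled when it was allocated, and nothing in this hunk establishes that, so the first guard deserves a comment: `/* initialized and bh stay zero until vnc_init_state() runs; the VncState allocation must be zero-filled for these checks to be valid */`. The same question applies to `vnc_unlock_output(vs)` and `qemu_mutex_destroy(&vs->output_mutex)`, which still run unconditionally between the two guards: if `output_mutex` is presumably also set up only by vnc_init_state(), those two calls still touch an uninitialized mutex on the handshake-failure path and should move under the same `vs->initialized` guard — to be confirmed against vnc_init_state(), whose body is not visible here. vnc_disconnect_finish continues past the end of this hunk.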
@@ -2749,6 +2753,7 @@ static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
void vnc_init_state(VncState *vs)
{
+ vs->initialized = true;
VncDisplay *vd = vs->vd;
vs->ds = vd->ds;
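Review bot: `vs->initialized = true;` is set on entry to vnc_init_state(), before any of the state it guards exists; if the client-list insertion and the mouse-mode notifier registration happen later in this function (outside the hunk), a failure between here and there would still send vnc_disconnect_finish() through `QTAILQ_REMOVE` on an entry that was never linked in. Setting the flag immediately after the insertion and notifier registration, or adding a comment stating that nothing in between can fail, would make the guard match what it protects. As a point of style, a statement placed ahead of the `VncDisplay *vd = vs->vd;` declaration reads as an afterthought; `VncDisplay *vd = vs->vd;` followed by `vs->initialized = true;` keeps the declarations together. vnc_init_state continues beyond the hunk.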
diff --git a/ui/vnc.h b/ui/vnc.h
index f93c89a..45d7686 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -306,6 +306,7 @@ struct VncState
QEMUPutLEDEntry *led;
bool abort;
+ bool initialized;
QemuMutex output_mutex;
QEMUBH *bh;
Buffer jobs_buffer;
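Review bot: The new `initialized` field carries no comment saying what it means or who sets it, although the teardown path in vnc.c now keys off it; a one-line comment next to the declaration saves the next reader a trip through vnc.c: `bool initialized; /* set by vnc_init_state(); false until then (relies on zeroed allocation) and gates teardown of the state it sets up */`. The struct definition continues outside the hunk.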