summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorTim Hardeck <thardeck@suse.de>2013-01-21 11:04:45 +0100
committerAnthony Liguori <aliguori@us.ibm.com>2013-01-21 13:33:12 -0600
commit6fd8e79af031d8cfc0eb02d40d03281917fcb27b (patch)
tree6fc46c4b8eef0ac65e9a9f3ac1f446dacdf83f1d
parent7536ee4bc3da7e9b7fdadba5ba6ade63eaace430 (diff)
downloadfocaccia-qemu-6fd8e79af031d8cfc0eb02d40d03281917fcb27b.tar.gz
focaccia-qemu-6fd8e79af031d8cfc0eb02d40d03281917fcb27b.zip
vnc: fix possible uninitialized removals
Some VncState values are not initialized before the Websocket handshake.
If it fails QEMU segfaults during the cleanup. To prevent this behavior
intialization checks are added.

Signed-off-by: Tim Hardeck <thardeck@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat
-rw-r--r--ui/vnc.c11
-rw-r--r--ui/vnc.h1
2 files changed, 9 insertions, 3 deletions
diff --git a/ui/vnc.c b/ui/vnc.c
index ee08894f7f..ff4e2ae586 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1053,20 +1053,24 @@ void vnc_disconnect_finish(VncState *vs)
     audio_del(vs);
     vnc_release_modifiers(vs);
 
-    QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+    if (vs->initialized) {
+        QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+        qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
+    }
 
     if (QTAILQ_EMPTY(&vs->vd->clients)) {
         dcl->idle = 1;
     }
 
-    qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
     vnc_remove_timer(vs->vd);
     if (vs->vd->lock_key_sync)
         qemu_remove_led_event_handler(vs->led);
     vnc_unlock_output(vs);
 
     qemu_mutex_destroy(&vs->output_mutex);
-    qemu_bh_delete(vs->bh);
+    if (vs->bh != NULL) {
+        qemu_bh_delete(vs->bh);
+    }
     buffer_free(&vs->jobs_buffer);
 
     for (i = 0; i < VNC_STAT_ROWS; ++i) {
@@ -2749,6 +2753,7 @@ static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
 
 void vnc_init_state(VncState *vs)
 {
+    vs->initialized = true;
     VncDisplay *vd = vs->vd;
 
     vs->ds = vd->ds;
diff --git a/ui/vnc.h b/ui/vnc.h
index f93c89a2f7..45d7686843 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -306,6 +306,7 @@ struct VncState
     QEMUPutLEDEntry *led;
 
     bool abort;
+    bool initialized;
     QemuMutex output_mutex;
     QEMUBH *bh;
     Buffer jobs_buffer;