[client] x11: prevent race condition causing double free

This commit is contained in:
Geoffrey McRae 2019-02-25 04:42:58 +11:00
parent c7666b314b
commit 8d48dd973a
2 changed files with 16 additions and 0 deletions

View file

@ -204,6 +204,7 @@ static void x11_cb_wmevent(SDL_SysWMmsg * msg)
s->xselection.property = None; s->xselection.property = None;
XSendEvent(this->display, e.xselectionrequest.requestor, 0, 0, s); XSendEvent(this->display, e.xselectionrequest.requestor, 0, 0, s);
XFlush(this->display); XFlush(this->display);
return;
} }
if (e.type == SelectionClear && ( if (e.type == SelectionClear && (

View file

@ -123,6 +123,7 @@ struct Spice
bool cbSelection; bool cbSelection;
// clipboard variables // clipboard variables
LG_Lock cbLock;
bool cbAgentGrabbed; bool cbAgentGrabbed;
bool cbClientGrabbed; bool cbClientGrabbed;
SpiceDataType cbType; SpiceDataType cbType;
@ -197,6 +198,8 @@ bool spice_connect(const char * host, const unsigned short port, const char * pa
DEBUG_INFO("Remote: %s:%u", host, port); DEBUG_INFO("Remote: %s:%u", host, port);
} }
LG_LOCK_INIT(spice.cbLock);
spice.channelID = 0; spice.channelID = 0;
if (!spice_connect_channel(&spice.scMain)) if (!spice_connect_channel(&spice.scMain))
{ {
@ -216,11 +219,14 @@ void spice_disconnect()
spice.sessionID = 0; spice.sessionID = 0;
LG_LOCK(spice.cbLock);
if (spice.cbBuffer) if (spice.cbBuffer)
free(spice.cbBuffer); free(spice.cbBuffer);
spice.cbBuffer = NULL; spice.cbBuffer = NULL;
spice.cbRemain = 0; spice.cbRemain = 0;
spice.cbSize = 0; spice.cbSize = 0;
LG_UNLOCK(spice.cbLock);
LG_LOCK_FREE(spice.cbLock);
spice.cbAgentGrabbed = false; spice.cbAgentGrabbed = false;
spice.cbClientGrabbed = false; spice.cbClientGrabbed = false;
@ -576,6 +582,7 @@ bool spice_on_main_channel_read()
DEBUG_INFO("Spice agent disconnected, error: %u", error); DEBUG_INFO("Spice agent disconnected, error: %u", error);
spice.hasAgent = false; spice.hasAgent = false;
LG_LOCK(spice.cbLock);
if (spice.cbBuffer) if (spice.cbBuffer)
{ {
free(spice.cbBuffer); free(spice.cbBuffer);
@ -583,6 +590,7 @@ bool spice_on_main_channel_read()
spice.cbSize = 0; spice.cbSize = 0;
spice.cbRemain = 0; spice.cbRemain = 0;
} }
LG_UNLOCK(spice.cbLock);
return true; return true;
} }
@ -929,6 +937,7 @@ bool spice_agent_process(uint32_t dataSize)
{ {
if (spice.cbRemain) if (spice.cbRemain)
{ {
LG_LOCK(spice.cbLock);
const uint32_t r = spice.cbRemain > dataSize ? dataSize : spice.cbRemain; const uint32_t r = spice.cbRemain > dataSize ? dataSize : spice.cbRemain;
if (!spice_read_nl(&spice.scMain, spice.cbBuffer + spice.cbSize, r)) if (!spice_read_nl(&spice.scMain, spice.cbBuffer + spice.cbSize, r))
{ {
@ -937,6 +946,7 @@ bool spice_agent_process(uint32_t dataSize)
spice.cbBuffer = NULL; spice.cbBuffer = NULL;
spice.cbRemain = 0; spice.cbRemain = 0;
spice.cbSize = 0; spice.cbSize = 0;
LG_UNLOCK(spice.cbLock);
return false; return false;
} }
@ -946,6 +956,7 @@ bool spice_agent_process(uint32_t dataSize)
if (spice.cbRemain == 0) if (spice.cbRemain == 0)
spice_agent_on_clipboard(); spice_agent_on_clipboard();
LG_UNLOCK(spice.cbLock);
return true; return true;
} }
@ -1045,9 +1056,11 @@ bool spice_agent_process(uint32_t dataSize)
if (msg.type == VD_AGENT_CLIPBOARD) if (msg.type == VD_AGENT_CLIPBOARD)
{ {
DEBUG_CLIPBOARD("VD_AGENT_CLIPBOARD"); DEBUG_CLIPBOARD("VD_AGENT_CLIPBOARD");
LG_LOCK(spice.cbLock);
if (spice.cbBuffer) if (spice.cbBuffer)
{ {
DEBUG_ERROR("cbBuffer was never freed"); DEBUG_ERROR("cbBuffer was never freed");
LG_UNLOCK(spice.cbLock);
return false; return false;
} }
@ -1063,6 +1076,7 @@ bool spice_agent_process(uint32_t dataSize)
spice.cbBuffer = NULL; spice.cbBuffer = NULL;
spice.cbRemain = 0; spice.cbRemain = 0;
spice.cbSize = 0; spice.cbSize = 0;
LG_UNLOCK(spice.cbLock);
return false; return false;
} }
@ -1072,6 +1086,7 @@ bool spice_agent_process(uint32_t dataSize)
if (spice.cbRemain == 0) if (spice.cbRemain == 0)
spice_agent_on_clipboard(); spice_agent_on_clipboard();
LG_UNLOCK(spice.cbLock);
return true; return true;
} }
else else