From efa49391fcbef9e577c61be15c2f6ed9e333d7e9 Mon Sep 17 00:00:00 2001
From: Geoffrey McRae <geoff@hostfission.com>
Date: Wed, 26 Jan 2022 17:20:12 +1100
Subject: [PATCH] [client] fix race segfault on pointer queue
 unsubscribe/timeout

---
 client/src/core.c | 11 +++++++++++
 client/src/main.c |  8 +++++++-
 client/src/main.h |  1 +
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/client/src/core.c b/client/src/core.c
index 7bbe1222..b70c2f2f 100644
--- a/client/src/core.c
+++ b/client/src/core.c
@@ -484,12 +484,23 @@ void core_handleMouseNormal(double ex, double ey)
         g_cursor.realigning = true;
         do
         {
+          LG_LOCK(g_state.pointerQueueLock);
+          if (!g_state.pointerQueue)
+          {
+            /* the queue is nolonger valid, assume complete */
+            g_cursor.realigning = false;
+            LG_UNLOCK(g_state.pointerQueueLock);
+            break;
+          }
+
           uint32_t hostSerial;
           if (lgmpClientGetSerial(g_state.pointerQueue, &hostSerial) != LGMP_OK)
           {
             g_cursor.realigning = false;
+            LG_UNLOCK(g_state.pointerQueueLock);
             return;
           }
+          LG_UNLOCK(g_state.pointerQueueLock);
 
           if (hostSerial >= setPosSerial)
             break;
diff --git a/client/src/main.c b/client/src/main.c
index b3a73516..8109ad1e 100644
--- a/client/src/main.c
+++ b/client/src/main.c
@@ -502,8 +502,9 @@ int main_cursorThread(void * unused)
       lgSignalEvent(g_state.frameEvent);
   }
 
+  LG_LOCK(g_state.pointerQueueLock);
   lgmpClientUnsubscribe(&g_state.pointerQueue);
-
+  LG_UNLOCK(g_state.pointerQueueLock);
 
   if (cursor)
   {
@@ -1484,8 +1485,12 @@ restart:
 
   g_state.kvmfrFeatures = udata->features;
 
+  LG_LOCK_INIT(g_state.pointerQueueLock);
   if (!core_startCursorThread() || !core_startFrameThread())
+  {
+    LG_LOCK_FREE(g_state.pointerQueueLock);
     return -1;
+  }
 
   while(g_state.state == APP_STATE_RUNNING)
   {
@@ -1514,6 +1519,7 @@ restart:
     goto restart;
   }
 
+  LG_LOCK_FREE(g_state.pointerQueueLock);
   return 0;
 }
 
diff --git a/client/src/main.h b/client/src/main.h
index a1715b7c..8e615f4c 100644
--- a/client/src/main.h
+++ b/client/src/main.h
@@ -113,6 +113,7 @@ struct AppState
   struct IVSHMEM       shm;
   PLGMPClient          lgmp;
   PLGMPClientQueue     pointerQueue;
+  LG_Lock              pointerQueueLock;
   KVMFRFeatureFlags    kvmfrFeatures;
 
   LGThread            * cursorThread;