diff options
author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2014-02-25 11:42:47 +0100 |
---|---|---|
committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2014-02-25 11:42:47 +0100 |
commit | 055a310f655ad436599c4fef965f2b3e7bc0f17f (patch) | |
tree | 5fb81c8414936701b374febf7b653b829645eb98 | |
parent | e124a3b2e8d375661aeed9c151866c46985d7afa (diff) | |
download | spice-gtk-055a310f655ad436599c4fef965f2b3e7bc0f17f.tar.gz spice-gtk-055a310f655ad436599c4fef965f2b3e7bc0f17f.tar.xz spice-gtk-055a310f655ad436599c4fef965f2b3e7bc0f17f.zip |
display: fix crash when releasing primary surface
Since 1fcaaa15f8aca362f9e6afc87fb43cfbccf6ff62, display_surface is
allocated using gslice. However MSG_DISPLAY_MODE handler didn't allocate
using GSlice. This can eventually lead to a crash when freeing, such as:
Thread no. 1 (6 frames)
#2 g_slice_free1 at gslice.c:1097
#3 iter_remove_or_steal at ghash.c:787
#4 clear_surfaces at /lib64/libspice-client-glib-2.0.so.8
#5 spice_display_channel_finalize at
/lib64/libspice-client-glib-2.0.so.8
#7 spice_channel_delayed_unref at /lib64/libspice-client-glib-2.0.so.8
#12 gtk_main at gtkmain.c:1158
https://bugzilla.redhat.com/show_bug.cgi?id=1069546
-rw-r--r-- | gtk/channel-display.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/gtk/channel-display.c b/gtk/channel-display.c index e464abf..96fd764 100644 --- a/gtk/channel-display.c +++ b/gtk/channel-display.c @@ -886,7 +886,7 @@ static void display_handle_mode(SpiceChannel *channel, SpiceMsgIn *in) g_warn_if_fail(c->mark == FALSE); - surface = spice_new0(display_surface, 1); + surface = g_slice_new0(display_surface); surface->format = mode->bits == 32 ? SPICE_SURFACE_FMT_32_xRGB : SPICE_SURFACE_FMT_16_555; surface->width = mode->x_res; |