diff options
| author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2014-11-26 17:31:43 +0100 |
|---|---|---|
| committer | Marc-André Lureau <marcandre.lureau@redhat.com> | 2014-12-01 17:29:56 +0100 |
| commit | 14dc8e170e71e4b860afe84cd20900b462e9b132 (patch) | |
| tree | e3729bc8499ea5a943c96ebac8cd090d5fbb8a1c | |
| parent | a56c7296a61df3aba35baa498d2b3d5afc2af6bc (diff) | |
| download | spice-gtk-14dc8e170e71e4b860afe84cd20900b462e9b132.tar.gz spice-gtk-14dc8e170e71e4b860afe84cd20900b462e9b132.tar.xz spice-gtk-14dc8e170e71e4b860afe84cd20900b462e9b132.zip | |
usb: keep USB context alive as long as channels exist
It was assumed the session would remain alive as long as channel
existed, so USB context would be valid too. Now that channels
are removed from session, USB context may be destroyed before
channels. This produces invalid read/write on USB context.
Make sure the context is alive as long as USB channels are by
adding a reference on USB manager.
==6939== Invalid write of size 4
==6939== at 0x394B604482: libusb_set_debug (core.c:1850)
==6939== by 0x3953A063D5: usbredirhost_open_full (usbredirhost.c:741)
==6939== by 0x4EC7E2F:
spice_usbredir_channel_set_context (channel-usbredir.c:212)
==6939== by 0x4EC7AB6:
spice_usbredir_channel_reset (channel-usbredir.c:125)
==6939== by 0x4EACCDC: spice_channel_reset (spice-channel.c:2621)
==6939== by 0x4EACDB4: channel_disconnect (spice-channel.c:2640)
==6939== by 0x4EAC28F: spice_channel_coroutine (spice-channel.c:2423)
==6939== by 0x4EE8B1C: coroutine_trampoline (coroutine_ucontext.c:63)
==6939== by 0x4EE87D6: continuation_trampoline (continuation.c:55)
==6939== by 0x3928247FEF: ??? (in /usr/lib64/libc-2.20.so)
==6939== by 0x51E36FF: ??? (in
/usr/local/stow/spice-gtk/lib/libspice-client-glib-2.0.so.8.5.0)
==6939== by 0xCF0C18F: ???
==6939== Address 0xff15f90 is 0 bytes inside a block of size 536 free'd
==6939== at 0x4A07CE9: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6939== by 0x394B606466: libusb_exit (core.c:2041)
==6939== by 0x4ECC590: spice_usb_device_manager_finalize (usb-device-manager.c:371)
| -rw-r--r-- | gtk/usb-device-manager.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/gtk/usb-device-manager.c b/gtk/usb-device-manager.c index 7b27516..e11eae0 100644 --- a/gtk/usb-device-manager.c +++ b/gtk/usb-device-manager.c @@ -767,6 +767,14 @@ static void channel_new(SpiceSession *session, SpiceChannel *channel, g_ptr_array_add(self->priv->channels, channel); spice_usb_device_manager_check_redir_on_connect(self, channel); + + /* + * add a reference to ourself, to make sure the libusb context is + * alive as long as the channel is. + * TODO: moving to gusb could help here too. + */ + g_object_ref(self); + g_object_weak_ref(G_OBJECT(channel), (GWeakNotify)g_object_unref, self); } static void channel_destroy(SpiceSession *session, SpiceChannel *channel, |