author | Tim Hardeck <thardeck@suse.de> | 2013-01-21 11:04:45 +0100 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2013-01-21 13:33:12 -0600 |
commit | 6fd8e79af031d8cfc0eb02d40d03281917fcb27b (patch) | |
tree | 6fc46c4b8eef0ac65e9a9f3ac1f446dacdf83f1d /ui/vnc.c | |
parent | 7536ee4bc3da7e9b7fdadba5ba6ade63eaace430 (diff) | |
vnc: fix possible uninitialized removals
Some VncState values are not initialized before the Websocket handshake.
If it fails, QEMU segfaults during the cleanup. To prevent this behavior,
initialization checks are added.
Signed-off-by: Tim Hardeck <thardeck@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'ui/vnc.c')
-rw-r--r-- | ui/vnc.c | 11 |
1 files changed, 8 insertions, 3 deletions
@@ -1053,20 +1053,24 @@ void vnc_disconnect_finish(VncState *vs)
 audio_del(vs);
 vnc_release_modifiers(vs);
- QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+ if (vs->initialized) {
+ QTAILQ_REMOVE(&vs->vd->clients, vs, next);
+ qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
+ }
 if (QTAILQ_EMPTY(&vs->vd->clients)) {
 dcl->idle = 1;
 }
- qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
 vnc_remove_timer(vs->vd);
 if (vs->vd->lock_key_sync) qemu_remove_led_event_handler(vs->led);
 vnc_unlock_output(vs);
 qemu_mutex_destroy(&vs->output_mutex);
- qemu_bh_delete(vs->bh);
+ if (vs->bh != NULL) {
+ qemu_bh_delete(vs->bh);
+ }
 buffer_free(&vs->jobs_buffer);
 for (i = 0; i < VNC_STAT_ROWS; ++i) {
@@ -2749,6 +2753,7 @@ static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
 void vnc_init_state(VncState *vs)
 {
+ vs->initialized = true;
 VncDisplay *vd = vs->vd;
 vs->ds = vd->ds; |
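Review bot: The teardown that follows the new `if (vs->initialized)` guard in vnc_disconnect_finish() still runs on a connection whose handshake failed: `qemu_remove_led_event_handler(vs->led)` (when `lock_key_sync` is set), `vnc_unlock_output(vs)` and `qemu_mutex_destroy(&vs->output_mutex)` are not covered by it. The hunk does not show where `vs->led` and `output_mutex` are set up; if that happens in vnc_init_state(), these calls act on state that was never initialised and belong under the same guard, e.g. `if (vs->initialized && vs->vd->lock_key_sync)`. The `vs->bh != NULL` test likewise only holds if VncState is zero-filled at allocation, which is worth confirming in vnc_connect(). Because this path is taken when a connecting client fails the WebSocket handshake, a crash here takes down the whole QEMU process, so each remaining teardown step deserves an explicit check. The function body starts and ends outside the hunk.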
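Review bot: In vnc_init_state(), `vs->initialized = true;` sits ahead of the declaration `VncDisplay *vd = vs->vd;`, which mixes a statement before a declaration; moving the assignment below the declarations keeps the block declaration-first. The flag now gates cleanup in vnc_disconnect_finish(), so the field would benefit from a comment where it is declared, such as `/* set by vnc_init_state(); false while the WebSocket handshake is pending */`. The rest of the function lies outside the hunk, so whether anything after this line can bail out early with the flag already set cannot be judged from here.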