falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

vnc_refresh: calling vnc_update_client might free vs 

Hi all,
this patch fixes another bug in vnc_refresh: calling vnc_update_client
might cause vs to be free()ed, in this case we cannot access vs->next
right after to examine the next item on the list.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6185c5783c)
This commit is contained in:
Stefano Stabellini 2010-01-25 12:54:57 +00:00 committed by Anthony Liguori
parent eb05143e24
commit c727a05459
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
vnc.c
View File

@ -2293,7 +2293,7 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
static void vnc_refresh(void *opaque) static void vnc_refresh(void *opaque)
{ {
VncDisplay *vd = opaque; VncDisplay *vd = opaque;
VncState *vs = NULL; VncState *vs = NULL, *vn = NULL;
int has_dirty = 0, rects = 0; int has_dirty = 0, rects = 0;
vga_hw_update(); vga_hw_update();
@ -2302,8 +2302,10 @@ static void vnc_refresh(void *opaque)
vs = vd->clients; vs = vd->clients;
while (vs != NULL) { while (vs != NULL) {
vn = vs->next;
rects += vnc_update_client(vs, has_dirty); rects += vnc_update_client(vs, has_dirty);
vs = vs->next; /* vs might be free()ed here */
vs = vn;
} }
/* vd->timer could be NULL now if the last client disconnected, /* vd->timer could be NULL now if the last client disconnected,
* in this case don't update the timer */ * in this case don't update the timer */