From 49ee0564ae943345d1ebbd86d208f09119b43a0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Tue, 25 Feb 2014 16:44:01 +0100 Subject: [PATCH] Fix crash on finishing display rhbz#1069546 --- ...crash-when-releasing-primary-surface.patch | 39 +++++++++++++++++++ spice-gtk.spec | 7 +++- 2 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 0001-display-fix-crash-when-releasing-primary-surface.patch diff --git a/0001-display-fix-crash-when-releasing-primary-surface.patch b/0001-display-fix-crash-when-releasing-primary-surface.patch new file mode 100644 index 0000000..8067f9f --- /dev/null +++ b/0001-display-fix-crash-when-releasing-primary-surface.patch @@ -0,0 +1,39 @@ +From 055a310f655ad436599c4fef965f2b3e7bc0f17f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= +Date: Tue, 25 Feb 2014 11:42:47 +0100 +Subject: [PATCH spice-gtk] display: fix crash when releasing primary surface + +Since 1fcaaa15f8aca362f9e6afc87fb43cfbccf6ff62, display_surface is +allocated using gslice. However MSG_DISPLAY_MODE handler didn't allocate +using GSlice. This can eventually lead to a crash when freeing, such as: + +Thread no. 1 (6 frames) + #2 g_slice_free1 at gslice.c:1097 + #3 iter_remove_or_steal at ghash.c:787 + #4 clear_surfaces at /lib64/libspice-client-glib-2.0.so.8 + #5 spice_display_channel_finalize at + /lib64/libspice-client-glib-2.0.so.8 + #7 spice_channel_delayed_unref at /lib64/libspice-client-glib-2.0.so.8 + #12 gtk_main at gtkmain.c:1158 + +https://bugzilla.redhat.com/show_bug.cgi?id=1069546 +--- + gtk/channel-display.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gtk/channel-display.c b/gtk/channel-display.c +index e464abf..96fd764 100644 +--- a/gtk/channel-display.c ++++ b/gtk/channel-display.c +@@ -886,7 +886,7 @@ static void display_handle_mode(SpiceChannel *channel, SpiceMsgIn *in) + + g_warn_if_fail(c->mark == FALSE); + +- surface = spice_new0(display_surface, 1); ++ surface = g_slice_new0(display_surface); + surface->format = mode->bits == 32 ? + SPICE_SURFACE_FMT_32_xRGB : SPICE_SURFACE_FMT_16_555; + surface->width = mode->x_res; +-- +1.8.5.3 + diff --git a/spice-gtk.spec b/spice-gtk.spec index b8b1ac1..86d04af 100644 --- a/spice-gtk.spec +++ b/spice-gtk.spec @@ -13,7 +13,7 @@ Name: spice-gtk Version: 0.23 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A GTK+ widget for SPICE clients Group: System Environment/Libraries @@ -21,6 +21,7 @@ License: LGPLv2+ URL: http://spice-space.org/page/Spice-Gtk #VCS: git:git://anongit.freedesktop.org/spice/spice-gtk Source0: http://www.spice-space.org/download/gtk/%{name}-%{version}%{?_version_suffix}.tar.bz2 +Patch0001: 0001-display-fix-crash-when-releasing-primary-surface.patch BuildRequires: intltool BuildRequires: gtk2-devel >= 2.14 @@ -147,6 +148,7 @@ if [ -n '%{?_version_suffix}' ]; then fi pushd spice-gtk-%{version} +%patch0001 -p1 find . -name '*.stamp' | xargs touch popd @@ -268,6 +270,9 @@ rm -rf %{buildroot}%{_datadir}/pkgconfig/spice-protocol.pc %{_bindir}/spicy-stats %changelog +* Tue Feb 25 2014 Marc-André Lureau - 0.23-2 +- Fix crash on finishing display rhbz#1069546 + * Mon Feb 10 2014 Marc-André Lureau - 0.23-1 - Update to spice-gtk 0.23