vnc: fix use-after-free in vnc_update_client_sync
Spotted by Coverity: 876 static int vnc_update_client_sync(VncState *vs, int has_dirty) 877 { (1) Event freed_arg: "vnc_update_client(VncState *, int)" frees "vs". [details] Also see events: [deref_arg] 878 int ret = vnc_update_client(vs, has_dirty); (2) Event deref_arg: Calling "vnc_jobs_join(VncState *)" dereferences freed pointer "vs". [details] Also see events: [freed_arg] 879 vnc_jobs_join(vs); 880 return ret; 881 } Remove vnc_update_client_sync wrapper, replace it with an additional argument to vnc_update_client, so we can so the sync properly in vnc_update_client (i.e. skip it in case of a client disconnect). Signed-off-by: NGerd Hoffmann <kraxel@redhat.com> Reviewed-by: NMarkus Armbruster <armbru@redhat.com>
Showing
想要评论请 注册 或 登录