Commit bdd4df33 authored by Gerd Hoffmann's avatar Gerd Hoffmann

spice: fix initialization order



Register displaychangelistener last, after spice is fully initialized,
otherwise we may hit NULL pointer dereferences when qemu starts calling
our callbacks.

Commit e250d949 triggers this bug.

Signed-off-by: default avatarGerd Hoffmann <kraxel@redhat.com>
parent 365b1e9e
+8 −2
@@ -2049,6 +2049,7 @@ static int qxl_init_primary(PCIDevice *dev)
    PCIQXLDevice *qxl = DO_UPCAST(PCIQXLDevice, pci, dev);
    VGACommonState *vga = &qxl->vga;
    PortioList *qxl_vga_port_list = g_new(PortioList, 1);
    int rc;

    qxl->id = 0;
    qxl_init_ramsize(qxl);
@@ -2063,9 +2064,14 @@ static int qxl_init_primary(PCIDevice *dev)
    qemu_spice_display_init_common(&qxl->ssd, vga->ds);

    qxl0 = qxl;
    register_displaychangelistener(vga->ds, &display_listener);

    return qxl_init_common(qxl);
    rc = qxl_init_common(qxl);
    if (rc != 0) {
        return rc;
    }

    register_displaychangelistener(vga->ds, &display_listener);
    return rc;
}

static int qxl_init_secondary(PCIDevice *dev)
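Review bot: The new early return `if (rc != 0) { return rc; }` leaves the global assignment `qxl0 = qxl;` in place when qxl_init_common() fails, so any later reader of qxl0 would see a device whose initialization did not complete. If nothing inside qxl_init_common() depends on qxl0 (not visible on this page), move `qxl0 = qxl;` below the rc check, next to the listener registration; otherwise add `qxl0 = NULL;` before `return rc;`. The failure path also returns without touching `qxl_vga_port_list`, but whether that list has already been handed off is decided in the lines between the two hunks, which are not shown.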
+1 −1
@@ -573,7 +573,6 @@ void qemu_spice_display_init(DisplayState *ds)
{
    assert(sdpy.ds == NULL);
    qemu_spice_display_init_common(&sdpy, ds);
    register_displaychangelistener(ds, &display_listener);

    sdpy.qxl.base.sif = &dpy_interface.base;
    qemu_spice_add_interface(&sdpy.qxl.base);
@@ -581,4 +580,5 @@ void qemu_spice_display_init(DisplayState *ds)

    qemu_spice_create_host_memslot(&sdpy);
    qemu_spice_create_host_primary(&sdpy);
    register_displaychangelistener(ds, &display_listener);
}
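Review bot: Nothing at the moved `register_displaychangelistener(ds, &display_listener);` call records why it has to stay the last statement of qemu_spice_display_init(), so a later reorder could silently reintroduce the NULL pointer dereference described in the commit message. I would put a comment directly above it, for example `/* Must stay last: qemu may invoke the listener callbacks as soon as it is registered, and they expect sdpy to be fully set up. */`, with the wording adjusted to what the callbacks actually rely on. The same comment would fit the relocated registration in qxl_init_primary(). Part of this function lies between the two hunks and is not shown here.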