Commit f31f9c10 authored by Gerd Hoffmann's avatar Gerd Hoffmann
Browse files

vnc: add magic cookie to VncState 



Set magic cookie on initialization.  Clear on cleanup.  Sprinkle a bunch
of assert()s checking the cookie, to verify the pointer is valid.

Signed-off-by: default avatarGerd Hoffmann <kraxel@redhat.com>
Message-id: 20180507102254.12107-1-kraxel@redhat.com
parent 4f4cb828

ui/vnc-jobs.c

+4 −0
Original line number Diff line number Diff line
@@ -82,6 +82,7 @@ VncJob *vnc_job_new(VncState *vs) 
{

    VncJob *job = g_new0(VncJob, 1);



    assert(vs->magic == VNC_MAGIC);

    job->vs = vs;

    vnc_lock_queue(queue);

    QLIST_INIT(&job->rectangles);
@@ -214,6 +215,7 @@ static int vnc_worker_thread_loop(VncJobQueue *queue) 
    /* Here job can only be NULL if queue->exit is true */

    job = QTAILQ_FIRST(&queue->jobs);

    vnc_unlock_queue(queue);

    assert(job->vs->magic == VNC_MAGIC);



    if (queue->exit) {

        return -1;
@@ -236,6 +238,7 @@ static int vnc_worker_thread_loop(VncJobQueue *queue) 


    /* Make a local copy of vs and switch output buffers */

    vnc_async_encoding_start(job->vs, &vs);

    vs.magic = VNC_MAGIC;



    /* Start sending rectangles */

    n_rectangles = 0;
@@ -289,6 +292,7 @@ disconnected: 
    vnc_unlock_queue(queue);

    qemu_cond_broadcast(&queue->cond);

    g_free(job);

    vs.magic = 0;

    return 0;

}

ui/vnc.c

+9 −1
Original line number Diff line number Diff line
@@ -1138,6 +1138,7 @@ static void audio_capture_notify(void *opaque, audcnotification_e cmd) 
{

    VncState *vs = opaque;



    assert(vs->magic == VNC_MAGIC);

    switch (cmd) {

    case AUD_CNOTIFY_DISABLE:

        vnc_lock_output(vs);
@@ -1167,6 +1168,7 @@ static void audio_capture(void *opaque, void *buf, int size) 
{

    VncState *vs = opaque;



    assert(vs->magic == VNC_MAGIC);

    vnc_lock_output(vs);

    if (vs->output.offset < vs->throttle_output_offset) {

        vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
@@ -1275,6 +1277,7 @@ void vnc_disconnect_finish(VncState *vs) 
    vs->ioc = NULL;

    object_unref(OBJECT(vs->sioc));

    vs->sioc = NULL;

    vs->magic = 0;

    g_free(vs);

}
@@ -1414,7 +1417,7 @@ static void vnc_client_write_locked(VncState *vs) 


static void vnc_client_write(VncState *vs)

{



    assert(vs->magic == VNC_MAGIC);

    vnc_lock_output(vs);

    if (vs->output.offset) {

        vnc_client_write_locked(vs);
@@ -1487,6 +1490,7 @@ static void vnc_jobs_bh(void *opaque) 
{

    VncState *vs = opaque;



    assert(vs->magic == VNC_MAGIC);

    vnc_jobs_consume_buffer(vs);

}
@@ -1537,6 +1541,8 @@ gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 
                       GIOCondition condition, void *opaque)

{

    VncState *vs = opaque;



    assert(vs->magic == VNC_MAGIC);

    if (condition & G_IO_IN) {

        if (vnc_client_read(vs) < 0) {

            /* vs is free()ed here */
@@ -1568,6 +1574,7 @@ gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 


void vnc_write(VncState *vs, const void *data, size_t len)

{

    assert(vs->magic == VNC_MAGIC);

    if (vs->disconnecting) {

        return;

    }
@@ -3064,6 +3071,7 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 
    int i;



    trace_vnc_client_connect(vs, sioc);

    vs->magic = VNC_MAGIC;

    vs->sioc = sioc;

    object_ref(OBJECT(vs->sioc));

    vs->ioc = QIO_CHANNEL(sioc);

ui/vnc.h

+3 −0
Original line number Diff line number Diff line
@@ -255,8 +255,11 @@ typedef enum { 
    VNC_STATE_UPDATE_FORCE,

} VncStateUpdate;



#define VNC_MAGIC ((uint64_t)0x05b3f069b3d204bb)



struct VncState

{

    uint64_t magic;

    QIOChannelSocket *sioc; /* The underlying socket */

    QIOChannel *ioc; /* The channel currently used for I/O */

    guint ioc_tag;