Re: [virt-tools-list] [remote-viewer v1] remote-viewer: fix free on dangling pointer

2019-09-30 Thread Victor Toso 
Hi,

On Fri, Sep 27, 2019 at 04:21:58PM -0300, Eduardo Lima (Etrunko) wrote:
> On 9/27/19 10:35 AM, Victor Toso wrote:
> >   static gboolean
> > -create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
> > +create_ovirt_session(VirtViewerApp *app, GError **err)
> >   {
> >   OvirtProxy *proxy = NULL;
> >   OvirtApi *api = NULL;
> > @@ -421,9 +421,11 @@ create_ovirt_session(VirtViewerApp *app, const char 
> > *uri, GError **err)
> >   gchar *ticket = NULL;
> >   gchar *host_subject = NULL;
> >   gchar *guid = NULL;
> > +gchar *guri = NULL;
> >   g_return_val_if_fail(VIRT_VIEWER_IS_APP(app), FALSE);
> > +g_object_get(app, "guri", &guri, NULL);
> >   if (!parse_ovirt_uri(uri, &rest_uri, &vm_name, &username)) {
> 
> Patch does not build. Are you sure your configure passes the ovirt checks?

I'm sure that I build without ovirt :)
Fixed, I'll send a v2. Many thanks for checking!

> remote-viewer.c: In function 'create_ovirt_session':
> remote-viewer.c:430:26: error: 'uri' undeclared (first use in this
> function); did you mean 'guri'?
>   430 | if (!parse_ovirt_uri(uri, &rest_uri, &vm_name, &username)) {
>   |  ^~~
>   |  guri
> remote-viewer.c:430:26: note: each undeclared identifier is reported only
> once for each function it appears in
> 
> 
> 
> >   g_set_error_literal(&error, VIRT_VIEWER_ERROR, 
> > VIRT_VIEWER_ERROR_FAILED,
> >   _("failed to parse ovirt uri"));
> > @@ -561,6 +563,7 @@ create_ovirt_session(VirtViewerApp *app, const char 
> > *uri, GError **err)
> >   success = TRUE;
> >   error:
> > +g_free(guri);
> >   g_free(username);
> >   g_free(rest_uri);
> >   g_free(vm_name);
> > @@ -645,17 +648,16 @@ remote_viewer_recent_add(gchar *uri, const gchar 
> > *mime_type)
> >   static void
> >   remote_viewer_session_connected(VirtViewerSession *session,
> > -gchar *guri)
> > +VirtViewerApp *app)
> >   {
> >   gchar *uri = virt_viewer_session_get_uri(session);
> >   const gchar *mime = virt_viewer_session_mime_type(session);
> >   if (uri == NULL)
> > -uri = g_strdup(guri);
> > +g_object_get(app, "guri", &uri, NULL);
> >   remote_viewer_recent_add(uri, mime);
> >   g_free(uri);
> > -g_free(guri);
> >   }
> >   static gchar *
> > @@ -675,14 +677,14 @@ read_all_stdin(gsize *len, GError **err)
> >   }
> >   static gboolean
> > -remote_viewer_initial_connect(RemoteViewer *self, const gchar *type, const 
> > gchar *guri,
> > +remote_viewer_initial_connect(RemoteViewer *self, const gchar *type,
> > VirtViewerFile *vvfile, GError **error)
> >   {
> >   VirtViewerApp *app = VIRT_VIEWER_APP(self);
> >   #ifdef HAVE_OVIRT
> >   if (g_strcmp0(type, "ovirt") == 0) {
> > -if (!create_ovirt_session(app, guri, error)) {
> > +if (!create_ovirt_session(app, error)) {
> >   g_prefix_error(error, _("Couldn't open oVirt session: "));
> >   return FALSE;
> >   }
> > @@ -694,7 +696,7 @@ remote_viewer_initial_connect(RemoteViewer *self, const 
> > gchar *type, const gchar
> >   }
> >   g_signal_connect(virt_viewer_app_get_session(app), 
> > "session-connected",
> > - G_CALLBACK(remote_viewer_session_connected), 
> > g_strdup(guri));
> > + G_CALLBACK(remote_viewer_session_connected), app);
> >   virt_viewer_session_set_file(virt_viewer_app_get_session(app), 
> > vvfile);
> >   #ifdef HAVE_OVIRT
> > @@ -787,7 +789,7 @@ retry_dialog:
> >   _("Cannot determine the connection type 
> > from URI"));
> >   goto cleanup;
> >   }
> > -if (!remote_viewer_initial_connect(self, type, guri, vvfile, 
> > &error))
> > +if (!remote_viewer_initial_connect(self, type, vvfile, &error))
> >   goto cleanup;
> >   }
> > 
> 
> 
> -- 
> Eduardo de Barros Lima (Etrunko)
> Software Engineer - Red Hat
> etru...@redhat.com


signature.asc
Description: PGP signature
___
virt-tools-list mailing list
virt-tools-list@redhat.com
https://www.redhat.com/mailman/listinfo/virt-tools-list

Re: [virt-tools-list] [remote-viewer v1] remote-viewer: fix free on dangling pointer

2019-09-27 Thread Eduardo Lima (Etrunko) 

On 9/27/19 10:35 AM, Victor Toso wrote:

From: Victor Toso 

On remote_viewer_session_connected() we are passing a dup of URI of
connection and freeing it afterwards. Problem is, we don't disconnect
from listening "session-connected" and on an eventual second emission
of this signal, remote-viewer crashes as seen in the backtrace below.

This can happen over switch-host migration message from
SpiceMainChannel.

To fix the issue, use VirtViewerApp URI information instead of passing
a dup char*. The other changes in this patch were warnings of unused
variables.

Found it while improving migrate.py from spice/tests (server):
  | Invalid free() / delete / delete[] / realloc()
  |at 0x4839A0C: free (vg_replace_malloc.c:540)
  |by 0x56EBD8C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.6)
  |by 0x11DED0: remote_viewer_session_connected (remote-viewer.c:658)
  |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566AF68: g_signal_emit_by_name (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x135E5D: virt_viewer_session_spice_main_channel_event 
(virt-viewer-session-spice.c:699)
  |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x53149E3: emit_main_context (gio-coroutine.c:198)
  |  Address 0x18f1ecc0 is 0 bytes inside a block of size 23 free'd
  |at 0x4839A0C: free (vg_replace_malloc.c:540)
  |by 0x56EBD8C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.6)
  |by 0x11DED0: remote_viewer_session_connected (remote-viewer.c:658)
  |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566AF68: g_signal_emit_by_name (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x135E5D: virt_viewer_session_spice_main_channel_event 
(virt-viewer-session-spice.c:699)
  |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x53149E3: emit_main_context (gio-coroutine.c:198)
  |  Block was alloc'd at
  |at 0x483880B: malloc (vg_replace_malloc.c:309)
  |by 0x56EBC98: g_malloc (in /usr/lib64/libglib-2.0.so.0.6000.6)
  |by 0x5705C43: g_strdup (in /usr/lib64/libglib-2.0.so.0.6000.6)
  |by 0x11EB80: remote_viewer_initial_connect (remote-viewer.c:696)
  |by 0x11EB80: remote_viewer_start (remote-viewer.c:790)
  |by 0x1250D3: virt_viewer_app_start (virt-viewer-app.c:1727)
  |by 0x127108: virt_viewer_app_on_application_startup 
(virt-viewer-app.c:1870)
  |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x5661638: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x566A972: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.6000.6)
  |by 0x553ECA1: g_application_register (in 
/usr/lib64/libgio-2.0.so.0.6000.6)
  |by 0x553F41D: g_application_run (in /usr/lib64/libgio-2.0.so.0.6000.6)

Signed-off-by: Victor Toso 
---
  src/remote-viewer.c | 18 ++
  1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/remote-viewer.c b/src/remote-viewer.c
index 8938ef9..2818221 100644
--- a/src/remote-viewer.c
+++ b/src/remote-viewer.c
@@ -396,7 +396,7 @@ virt_viewer_app_set_ovirt_foreign_menu(VirtViewerApp *app,
  }
  
  static gboolean

-create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
+create_ovirt_session(VirtViewerApp *app, GError **err)
  {
  OvirtProxy *proxy = NULL;
  OvirtApi *api = NULL;
@@ -421,9 +421,11 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, 
GError **err)
  gchar *ticket = NULL;
  gchar *host_subject = NULL;
  gchar *guid = NULL;
+gchar *guri = NULL;
  
  g_return_val_if_fail(VIRT_VIEWER_IS_APP(app), FALSE);
  
+g_object_get(app, "guri", &guri, NULL);

  if (!parse_ovirt_uri(uri, &rest_uri, &vm_name, &username)) {


Patch does not build. Are you sure your configure passes the ovirt checks?


remote-viewer.c: In function 'create_ovirt_session':
remote-viewer.c:430:26: error: 'uri' undeclared (first use in this 
function); did you mean 'guri'?

  430 | if (!parse_ovirt_uri(uri, &rest_uri, &vm_name, &username)) {
  |  ^~~
  |  guri
remote-viewer.c:430:26: note: each undeclared identifier is reported 
only once for each function it appears in

[virt-tools-list] [remote-viewer v1] remote-viewer: fix free on dangling pointer

2019-09-27 Thread Victor Toso 
From: Victor Toso 

On remote_viewer_session_connected() we are passing a dup of URI of
connection and freeing it afterwards. Problem is, we don't disconnect
from listening "session-connected" and on an eventual second emission
of this signal, remote-viewer crashes as seen in the backtrace below.

This can happen over switch-host migration message from
SpiceMainChannel.

To fix the issue, use VirtViewerApp URI information instead of passing
a dup char*. The other changes in this patch were warnings of unused
variables.

Found it while improving migrate.py from spice/tests (server):
 | Invalid free() / delete / delete[] / realloc()
 |at 0x4839A0C: free (vg_replace_malloc.c:540)
 |by 0x56EBD8C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.6)
 |by 0x11DED0: remote_viewer_session_connected (remote-viewer.c:658)
 |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566AF68: g_signal_emit_by_name (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x135E5D: virt_viewer_session_spice_main_channel_event 
(virt-viewer-session-spice.c:699)
 |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x53149E3: emit_main_context (gio-coroutine.c:198)
 |  Address 0x18f1ecc0 is 0 bytes inside a block of size 23 free'd
 |at 0x4839A0C: free (vg_replace_malloc.c:540)
 |by 0x56EBD8C: g_free (in /usr/lib64/libglib-2.0.so.0.6000.6)
 |by 0x11DED0: remote_viewer_session_connected (remote-viewer.c:658)
 |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566AF68: g_signal_emit_by_name (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x135E5D: virt_viewer_session_spice_main_channel_event 
(virt-viewer-session-spice.c:699)
 |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x56614F3: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x53149E3: emit_main_context (gio-coroutine.c:198)
 |  Block was alloc'd at
 |at 0x483880B: malloc (vg_replace_malloc.c:309)
 |by 0x56EBC98: g_malloc (in /usr/lib64/libglib-2.0.so.0.6000.6)
 |by 0x5705C43: g_strdup (in /usr/lib64/libglib-2.0.so.0.6000.6)
 |by 0x11EB80: remote_viewer_initial_connect (remote-viewer.c:696)
 |by 0x11EB80: remote_viewer_start (remote-viewer.c:790)
 |by 0x1250D3: virt_viewer_app_start (virt-viewer-app.c:1727)
 |by 0x127108: virt_viewer_app_on_application_startup 
(virt-viewer-app.c:1870)
 |by 0x564D741: g_closure_invoke (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x5661638: ??? (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566A34D: g_signal_emit_valist (in 
/usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x566A972: g_signal_emit (in /usr/lib64/libgobject-2.0.so.0.6000.6)
 |by 0x553ECA1: g_application_register (in 
/usr/lib64/libgio-2.0.so.0.6000.6)
 |by 0x553F41D: g_application_run (in /usr/lib64/libgio-2.0.so.0.6000.6)

Signed-off-by: Victor Toso 
---
 src/remote-viewer.c | 18 ++
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/src/remote-viewer.c b/src/remote-viewer.c
index 8938ef9..2818221 100644
--- a/src/remote-viewer.c
+++ b/src/remote-viewer.c
@@ -396,7 +396,7 @@ virt_viewer_app_set_ovirt_foreign_menu(VirtViewerApp *app,
 }
 
 static gboolean
-create_ovirt_session(VirtViewerApp *app, const char *uri, GError **err)
+create_ovirt_session(VirtViewerApp *app, GError **err)
 {
 OvirtProxy *proxy = NULL;
 OvirtApi *api = NULL;
@@ -421,9 +421,11 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, 
GError **err)
 gchar *ticket = NULL;
 gchar *host_subject = NULL;
 gchar *guid = NULL;
+gchar *guri = NULL;
 
 g_return_val_if_fail(VIRT_VIEWER_IS_APP(app), FALSE);
 
+g_object_get(app, "guri", &guri, NULL);
 if (!parse_ovirt_uri(uri, &rest_uri, &vm_name, &username)) {
 g_set_error_literal(&error, VIRT_VIEWER_ERROR, 
VIRT_VIEWER_ERROR_FAILED,
 _("failed to parse ovirt uri"));
@@ -561,6 +563,7 @@ create_ovirt_session(VirtViewerApp *app, const char *uri, 
GError **err)
 success = TRUE;
 
 error:
+g_free(guri);
 g_free(username);
 g_free(rest_uri);
 g_free(vm_name);
@@ -645,17 +648,16 @@ remote_viewer_recent_add(gchar *uri, const gchar 
*mime_type)
 
 static void
 remote_viewer_session_connected(VirtViewerSession *session,
-gchar *guri)
+