RedCharDevice used for the agent has flow control enabled. This make possible for red_char_device_write_buffer_get to return NULL. Handle such situation without crashing avoiding NULL dereference.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=95416. Signed-off-by: Frediano Ziglio <fzig...@redhat.com> --- server/reds.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/reds.c b/server/reds.c index e4d806c..72dee84 100644 --- a/server/reds.c +++ b/server/reds.c @@ -1120,6 +1120,9 @@ uint8_t *reds_get_agent_data_buffer(RedsState *reds, MainChannelClient *mcc, siz dev->priv->recv_from_client_buf = red_char_device_write_buffer_get(RED_CHAR_DEVICE(dev), client, size + sizeof(VDIChunkHeader)); + if (!dev->priv->recv_from_client_buf) { + return NULL; + } dev->priv->recv_from_client_buf_pushed = FALSE; return dev->priv->recv_from_client_buf->buf + sizeof(VDIChunkHeader); } -- 2.7.4 _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/spice-devel
