commit 3e5d48ef33224a915bb2afd7933fbec3c2b232ba Author: Daniel P. Berrange Date: Fri Jul 8 12:33:52 2011 +0100 Fix potential crash in libvirtd with active streams If a client disconnects while it has a stream active, there is a race condition which could see libvirtd crash. This is because the client struct may be freed before the last stream event has triggered. This is trivially solved by holding an extra reference on the client for the stream callbak * daemon/stream.c: Acquire reference on client when adding the stream callback diff --git a/daemon/stream.c b/daemon/stream.c index 56d79c2..28f6c32 100644 --- a/daemon/stream.c +++ b/daemon/stream.c @@ -104,6 +104,15 @@ daemonStreamMessageFinished(virNetMessagePtr msg, daemonStreamUpdateEvents(stream); } + +static void +daemonStreamEventFreeFunc(void *opaque) +{ + virNetServerClientPtr client = opaque; + + virNetServerClientFree(client); +} + /* * Callback that gets invoked when a stream becomes writable/readable */ @@ -361,9 +370,11 @@ int daemonAddClientStream(virNetServerClientPtr client, } if (virStreamEventAddCallback(stream->st, 0, - daemonStreamEvent, client, NULL) < 0) + daemonStreamEvent, client, + daemonStreamEventFreeFunc) < 0) return -1; + virNetServerClientRef(client); if ((stream->filterID = virNetServerClientAddFilter(client, daemonStreamFilter, stream)) < 0) {