From b1d7c2caf496e7236fe43c69fd380fedb830a979 Mon Sep 17 00:00:00 2001 From: Michal Srb Date: Tue, 26 Sep 2017 13:45:36 +0200 Subject: [PATCH] Unset pixel buffer when x0vncserver client disconnects. In XDesktop::start() we allocate pixel buffer and set it as the backend to the given VNCServer. In XDesktop::stop() we deallocate the buffer, so we must unset it from the VNCServer as well. Otherwise the VNCServer could try to access it and crash, for example in deferred update. --- common/rfb/VNCServerST.cxx | 14 ++++---------- unix/x0vncserver/x0vncserver.cxx | 6 +++++- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/common/rfb/VNCServerST.cxx b/common/rfb/VNCServerST.cxx index 46c4be9b..99480133 100644 --- a/common/rfb/VNCServerST.cxx +++ b/common/rfb/VNCServerST.cxx @@ -313,6 +313,8 @@ void VNCServerST::setPixelBuffer(PixelBuffer* pb_, const ScreenSet& layout) screenLayout = layout; if (!pb) { + stopFrameClock(); + if (desktopStarted) throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); return; @@ -337,18 +339,10 @@ void VNCServerST::setPixelBuffer(PixelBuffer* pb_, const ScreenSet& layout) void VNCServerST::setPixelBuffer(PixelBuffer* pb_) { - ScreenSet layout; - - if (!pb_) { - if (desktopStarted) - throw Exception("setPixelBuffer: null PixelBuffer when desktopStarted?"); - return; - } - - layout = screenLayout; + ScreenSet layout = screenLayout; // Check that the screen layout is still valid - if (!layout.validate(pb_->width(), pb_->height())) { + if (pb_ && !layout.validate(pb_->width(), pb_->height())) { Rect fbRect; ScreenSet::iterator iter, iter_next; diff --git a/unix/x0vncserver/x0vncserver.cxx b/unix/x0vncserver/x0vncserver.cxx index 6fd6bc3b..ed5b1a10 100644 --- a/unix/x0vncserver/x0vncserver.cxx +++ b/unix/x0vncserver/x0vncserver.cxx @@ -270,7 +270,8 @@ public: TXWindow::setGlobalEventHandler(this); } virtual ~XDesktop() { - stop(); + if (running) + stop(); } inline void poll() { @@ -327,6 +328,9 @@ public: XDamageDestroy(dpy, damage); #endif + server->setPixelBuffer(0); + server = 0; + delete pb; pb = 0; } -- 2.12.3