red_handle_drawable_surfaces_client_synced was called only from
red_pipe_add_drawable, while it should also be called from
red_pipe_add_drawable_after. Otherwise, the client might receive a command
that references a surface it doesn't hold, and crash.
---
 server/red_worker.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/server/red_worker.c b/server/red_worker.c
index c7869ad..85bb74c 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -1198,6 +1198,7 @@ static inline void 
red_pipe_add_drawable_to_tail(RedWorker *worker, Drawable *dr
     if (!worker->display_channel) {
         return;
     }
+    red_handle_drawable_surfaces_client_synced(worker, drawable);
     drawable->refs++;
     red_pipe_add_tail(&worker->display_channel->common.base, 
&drawable->pipe_item);
 }
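Review bot: The new call in red_pipe_add_drawable_to_tail only protects the client if the surface-create item it queues ends up ahead of the drawable in send order, and nothing in this hunk shows that. The drawable goes in through `red_pipe_add_tail`, and in the second hunk through `red_channel_pipe_add_after`. If red_handle_drawable_surfaces_client_synced queues through the regular pipe-add path (its body is not shown here), the create item may sit at a different position than the drawable, and the client could still see the surface reference first. Please confirm the ordering for both insertion points and document it with a comment such as `/* surface-create items must precede this drawable in the pipe */`. The function's signature and the start of its body are outside the hunk.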
@@ -1213,6 +1214,7 @@ static inline void red_pipe_add_drawable_after(RedWorker 
*worker, Drawable *draw
         red_pipe_add_drawable(worker, drawable);
         return;
     }
+    red_handle_drawable_surfaces_client_synced(worker, drawable);
     drawable->refs++;
     red_channel_pipe_add_after(&worker->display_channel->common.base, 
&drawable->pipe_item, &pos_after->pipe_item);
 }
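Review bot: The "sync surfaces, `drawable->refs++`, add to pipe" sequence is now repeated by hand in red_pipe_add_drawable_after and red_pipe_add_drawable_to_tail, and, per the commit message, in red_pipe_add_drawable as well. A future insertion helper that omits the sync would reintroduce the client crash this patch fixes. Consider a comment above the call, for example `/* the client must hold every surface this drawable references before it is queued */`, or a single static helper that does the sync and the ref increment so each entry point adds only its own pipe call. The early-return branch relies on red_pipe_add_drawable doing the sync itself; that function is outside this hunk.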
-- 
1.7.4.4
