From 5e0a24e8685892f52826567b216fe34f98bc9d58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
Date: Thu, 5 Aug 2021 17:57:06 +0400
Subject: [PATCH] ui/vdagent: disconnect handlers and reset state on finalize
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Avoid handlers being called with dangling pointers when the object is freed.

Signed-off-by: Marc-André Lureau
Message-Id: <20210805135715.857938-10-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé
Acked-by: Gerd Hoffmann
---
 ui/vdagent.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/ui/vdagent.c b/ui/vdagent.c
index 5ae5734c81..1a29016e07 100644
--- a/ui/vdagent.c
+++ b/ui/vdagent.c
@@ -721,22 +721,26 @@ static void vdagent_chr_accept_input(Chardev *chr)
 vdagent_send_buf(vd);
 }
 
+static void vdagent_disconnect(VDAgentChardev *vd)
+{
+ vdagent_reset_bufs(vd);
+ vd->caps = 0;
+ if (vd->mouse_hs) {
+ qemu_input_handler_deactivate(vd->mouse_hs);
+ }
+ if (vd->cbpeer.update.notify) {
+ qemu_clipboard_peer_unregister(&vd->cbpeer);
+ memset(&vd->cbpeer, 0, sizeof(vd->cbpeer));
+ }
+}
+
 static void vdagent_chr_set_fe_open(struct Chardev *chr, int fe_open)
 {
 VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(chr);
 
 if (!fe_open) {
 trace_vdagent_close();
- /* reset state */
- vdagent_reset_bufs(vd);
- vd->caps = 0;
- if (vd->mouse_hs) {
- qemu_input_handler_deactivate(vd->mouse_hs);
- }
- if (vd->cbpeer.update.notify) {
- qemu_clipboard_peer_unregister(&vd->cbpeer);
- memset(&vd->cbpeer, 0, sizeof(vd->cbpeer));
- }
+ vdagent_disconnect(vd);
 return;
 }
 
@@ -781,6 +785,7 @@ static void vdagent_chr_fini(Object *obj)
 {
 VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(obj);
 
+ vdagent_disconnect(vd);
 buffer_free(&vd->outbuf);
 }
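Review bot: The new `vdagent_disconnect()` helper has no comment, and the `/* reset state */` remark from the old inline code was dropped when the body moved. Since it is now reached from both the frontend-close branch and finalize, it may run twice on the same object, so its re-entrancy is worth recording. A header such as `/* Reset agent state and detach input/clipboard handlers; safe to call more than once. */` would do that. It would help to also note that the `vd->cbpeer.update.notify` check together with the `memset()` is what prevents a second `qemu_clipboard_peer_unregister()` on an already-removed peer.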
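Review bot: In `vdagent_chr_fini`, the added `vdagent_disconnect(vd)` only deactivates `vd->mouse_hs`; nothing on the finalize path unregisters it. The registration is outside this diff, but if the handler was registered with a pointer into `vd`, it stays on the input-handler list after the object is freed. That would be the same dangling-pointer class the commit message sets out to close. Consider adding `if (vd->mouse_hs) { qemu_input_handler_unregister(vd->mouse_hs); }` after the disconnect call here, leaving the close path as deactivate-only. The clipboard peer does not have this gap, since the helper unregisters and zeroes it.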