ui/vdagent: disconnect handlers and reset state on finalize

Avoid handlers being called with dangling pointers when the object is
freed.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210805135715.857938-10-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
Marc-André Lureau 2021-08-05 17:57:06 +04:00
parent 7424bfaa99
commit 5e0a24e868

View File

@ -721,22 +721,26 @@ static void vdagent_chr_accept_input(Chardev *chr)
vdagent_send_buf(vd); vdagent_send_buf(vd);
} }
static void vdagent_disconnect(VDAgentChardev *vd)
{
vdagent_reset_bufs(vd);
vd->caps = 0;
if (vd->mouse_hs) {
qemu_input_handler_deactivate(vd->mouse_hs);
}
if (vd->cbpeer.update.notify) {
qemu_clipboard_peer_unregister(&vd->cbpeer);
memset(&vd->cbpeer, 0, sizeof(vd->cbpeer));
}
}
static void vdagent_chr_set_fe_open(struct Chardev *chr, int fe_open) static void vdagent_chr_set_fe_open(struct Chardev *chr, int fe_open)
{ {
VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(chr); VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(chr);
if (!fe_open) { if (!fe_open) {
trace_vdagent_close(); trace_vdagent_close();
/* reset state */ vdagent_disconnect(vd);
vdagent_reset_bufs(vd);
vd->caps = 0;
if (vd->mouse_hs) {
qemu_input_handler_deactivate(vd->mouse_hs);
}
if (vd->cbpeer.update.notify) {
qemu_clipboard_peer_unregister(&vd->cbpeer);
memset(&vd->cbpeer, 0, sizeof(vd->cbpeer));
}
return; return;
} }
@ -781,6 +785,7 @@ static void vdagent_chr_fini(Object *obj)
{ {
VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(obj); VDAgentChardev *vd = QEMU_VDAGENT_CHARDEV(obj);
vdagent_disconnect(vd);
buffer_free(&vd->outbuf); buffer_free(&vd->outbuf);
} }