The websock code will create a GSource for tracking completion of the
handshake process, passing a QIOTask which is freed by the callback
when it completes, which means when a source is cancelled, nothing is
free'ing the task.
Switch to provide a data free callback to the GSource, which ensures
the QIOTask is always freed even when the main event callback never
fires.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/3114
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
io/channel-websock.c | 49 +++++++++++++++++++++++++++++++-------------
1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index 100faba6b3..9902b014f7 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -526,11 +526,32 @@ static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
return 1;
}
+typedef struct QIOChannelWebsockData {
+ QIOTask *task;
+} QIOChannelWebsockData;
+
+static void qio_channel_websock_data_free(gpointer user_data)
+{
+ QIOChannelWebsockData *data = user_data;
+ /*
+ * Usually 'task' will be NULL since the GSource
+ * callback will either complete the task or pass
+ * it on to a new GSource. We'll see a non-NULL
+ * task here only if the GSource was released before
+ * its callback triggers
+ */
+ if (data->task) {
+ qio_task_free(data->task);
+ }
+ g_free(data);
+}
+
static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
GIOCondition condition,
gpointer user_data)
{
- QIOTask *task = user_data;
+ QIOChannelWebsockData *data = user_data;
+ QIOTask *task = data->task;
QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(
qio_task_get_source(task));
Error *err = NULL;
@@ -545,7 +566,6 @@ static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
trace_qio_channel_websock_handshake_fail(ioc, error_get_pretty(err));
qio_task_set_error(task, err);
qio_task_complete(task);
- qio_task_free(task);
wioc->hs_io_tag = 0;
return FALSE;
}
@@ -562,7 +582,6 @@ static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
trace_qio_channel_websock_handshake_complete(ioc);
qio_task_complete(task);
}
- qio_task_free(task);
wioc->hs_io_tag = 0;
return FALSE;
}
@@ -574,7 +593,8 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
GIOCondition condition,
gpointer user_data)
{
- QIOTask *task = user_data;
+ QIOChannelWebsockData *data = user_data, *newdata = NULL;
+ QIOTask *task = data->task;
QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(
qio_task_get_source(task));
Error *err = NULL;
@@ -590,7 +610,6 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
trace_qio_channel_websock_handshake_fail(ioc, error_get_pretty(err));
qio_task_set_error(task, err);
qio_task_complete(task);
- qio_task_free(task);
wioc->hs_io_tag = 0;
return FALSE;
}
@@ -603,12 +622,14 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
error_propagate(&wioc->io_err, err);
trace_qio_channel_websock_handshake_reply(ioc);
+ newdata = g_new0(QIOChannelWebsockData, 1);
+ newdata->task = g_steal_pointer(&data->task);
wioc->hs_io_tag = qio_channel_add_watch(
wioc->master,
G_IO_OUT,
qio_channel_websock_handshake_send,
- task,
- NULL);
+ newdata,
+ qio_channel_websock_data_free);
return FALSE;
}
@@ -904,12 +925,12 @@ void qio_channel_websock_handshake(QIOChannelWebsock *ioc,
gpointer opaque,
GDestroyNotify destroy)
{
- QIOTask *task;
+ QIOChannelWebsockData *data = g_new0(QIOChannelWebsockData, 1);
- task = qio_task_new(OBJECT(ioc),
- func,
- opaque,
- destroy);
+ data->task = qio_task_new(OBJECT(ioc),
+ func,
+ opaque,
+ destroy);
trace_qio_channel_websock_handshake_start(ioc);
trace_qio_channel_websock_handshake_pending(ioc, G_IO_IN);
@@ -917,8 +938,8 @@ void qio_channel_websock_handshake(QIOChannelWebsock *ioc,
ioc->master,
G_IO_IN,
qio_channel_websock_handshake_io,
- task,
- NULL);
+ data,
+ qio_channel_websock_data_free);
}
--
2.53.0