Stephen L. De Rudder created GUACAMOLE-2083:
-----------------------------------------------
Summary: guac_rwlock_acquire_write_lock is called after
guac_rwlock_destroy is called on a lock
Key: GUACAMOLE-2083
URL: https://issues.apache.org/jira/browse/GUACAMOLE-2083
Project: Guacamole
Issue Type: Bug
Components: guacd
Affects Versions: 1.6.0
Reporter: Stephen L. De Rudder
guac_display_free does:
guac_rwlock_destroy(&display->last_frame.lock);
guac_rwlock_destroy(&display->pending_frame.lock);
then calls:
guac_display_free_layer(display->pending_frame.layers);
guac_display_free_layer(display->last_frame.layers);
and in guac_display_free_layer it calls:
guac_display_remove_layer(display_layer);
that then does
guac_display* display = display_layer->display;
/*
* Remove layer from pending frame
*/
guac_rwlock_acquire_write_lock(&display->pending_frame.lock);
but display->pending_frame.lock has been destroyed.
Fix is:
void guac_display_free(guac_display* display) {
guac_display_stop(display);
/* All locks, FIFOs, etc. are now unused and can be safely destroyed */
guac_flag_destroy(&display->render_state);
guac_fifo_destroy(&display->ops);
/* Free all layers within the pending_frame list (NOTE: This will also free
* those layers from the last_frame list) */
while (display->pending_frame.layers != NULL)
guac_display_free_layer(display->pending_frame.layers);
/* Free any remaining layers that were present only on the last_frame list
* and not on the pending_frame list */
while (display->last_frame.layers != NULL)
guac_display_free_layer(display->last_frame.layers);
guac_rwlock_destroy(&display->last_frame.lock);
guac_rwlock_destroy(&display->pending_frame.lock);
guac_mem_free(display);
}
Thanks,
SLDR
(Stephen L. De Rudder)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
