Skip to content

Commit

Permalink
GUACAMOLE-377: Stream/object sentinel must be assigned BEFORE returni…
Browse files Browse the repository at this point in the history
…ng index to pool.

Doing otherwise results in a race condition where the index of a valid
stream is changed to -1 by a different thread, breaking assertions and
causing the connection to disconnect.
  • Loading branch information
mike-jumper committed Sep 28, 2024
1 parent 4220670 commit f5ecb6c
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 9 deletions.
7 changes: 4 additions & 3 deletions src/libguac/client.c
Original file line number Diff line number Diff line change
Expand Up @@ -146,12 +146,13 @@ guac_stream* guac_client_alloc_stream(guac_client* client) {

void guac_client_free_stream(guac_client* client, guac_stream* stream) {

/* Release index to pool */
guac_pool_free_int(client->__stream_pool, (stream->index - 1) / 2);

/* Mark stream as closed */
int freed_index = stream->index;
stream->index = GUAC_CLIENT_CLOSED_STREAM_INDEX;

/* Release index to pool */
guac_pool_free_int(client->__stream_pool, (freed_index - 1) / 2);

}

/**
Expand Down
14 changes: 8 additions & 6 deletions src/libguac/user.c
Original file line number Diff line number Diff line change
Expand Up @@ -126,12 +126,13 @@ guac_stream* guac_user_alloc_stream(guac_user* user) {

void guac_user_free_stream(guac_user* user, guac_stream* stream) {

/* Release index to pool */
guac_pool_free_int(user->__stream_pool, stream->index / 2);

/* Mark stream as closed */
int freed_index = stream->index;
stream->index = GUAC_USER_CLOSED_STREAM_INDEX;

/* Release index to pool */
guac_pool_free_int(user->__stream_pool, freed_index / 2);

}

guac_object* guac_user_alloc_object(guac_user* user) {
Expand All @@ -157,12 +158,13 @@ guac_object* guac_user_alloc_object(guac_user* user) {

void guac_user_free_object(guac_user* user, guac_object* object) {

/* Release index to pool */
guac_pool_free_int(user->__object_pool, object->index);

/* Mark object as undefined */
int freed_index = object->index;
object->index = GUAC_USER_UNDEFINED_OBJECT_INDEX;

/* Release index to pool */
guac_pool_free_int(user->__object_pool, freed_index);

}

int guac_user_handle_instruction(guac_user* user, const char* opcode, int argc, char** argv) {
Expand Down

0 comments on commit f5ecb6c

Please sign in to comment.