From 9b55660e4a4f6bfea0965b2567641492a1feac57 Mon Sep 17 00:00:00 2001 From: Anastasia Belova Date: Fri, 9 Jun 2023 12:23:06 +0300 Subject: [PATCH] vnc: move assert in vnc_worker_thread_loop job may be NULL if queue->exit is true. Check it before dereference job. Fixes: f31f9c1080 ("vnc: add magic cookie to VncState") Signed-off-by: Anastasia Belova Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev (cherry picked from commit bdfca8a22f41e7ad47fd2dac71e4d1387e2c0d4e) Signed-off-by: Michael Tokarev --- ui/vnc-jobs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c index 886f9bf611..fcca7ec632 100644 --- a/ui/vnc-jobs.c +++ b/ui/vnc-jobs.c @@ -250,12 +250,13 @@ static int vnc_worker_thread_loop(VncJobQueue *queue) /* Here job can only be NULL if queue->exit is true */ job = QTAILQ_FIRST(&queue->jobs); vnc_unlock_queue(queue); - assert(job->vs->magic == VNC_MAGIC); if (queue->exit) { return -1; } + assert(job->vs->magic == VNC_MAGIC); + vnc_lock_output(job->vs); if (job->vs->ioc == NULL || job->vs->abort == true) { vnc_unlock_output(job->vs);