path: root/rpc
diff options
authorAnand Avati <>2013-04-25 22:46:50 -0700
committerVijay Bellur <>2013-05-13 01:54:45 -0700
commit7ad8b05dc3003102ac192b1bb6bcae5c57e148cf (patch)
treea9340bd91590f1ae5a3dbb541e8ec7c55c81f5c4 /rpc
parent0d415f7f8c08edc7b7af88567bb5ec4803defc94 (diff)
rpcsvc: fix dangerous setting of pointer on free'd structure
The current code is setting @req->hdr_iobuf = NULL _after_ calling actor_fn() on @req. Calling actor_fn() takes away all guarantees of whether @req is still a valid object or destroyed. Unfortunately most of the times the object is allocated from mem-pool an a mem_put() still keeps the arena allocated (no crash). However once the mem-pool is full and allocation falls back to malloc()/free() the code actually becomes dangerous. This resulted in random crashes when the system load is high (when there were sufficient outstanding calls that @rpc pool got full) Change-Id: I4398c717aa0e2c5f06733212b64dd79e7b2a4136 BUG: 884452 Signed-off-by: Anand Avati <> Reviewed-on: Reviewed-by: Krishnan Parthasarathi <> Tested-by: Gluster Build System <>
Diffstat (limited to 'rpc')
1 files changed, 0 insertions, 1 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index db8ce2f3f..d69756cc0 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -547,7 +547,6 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
} else {
ret = actor_fn (req);
- req->hdr_iobuf = NULL;