diff options
author | Anand Avati <avati@redhat.com> | 2013-04-25 22:46:50 -0700 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2013-05-13 01:54:45 -0700 |
commit | 7ad8b05dc3003102ac192b1bb6bcae5c57e148cf (patch) | |
tree | a9340bd91590f1ae5a3dbb541e8ec7c55c81f5c4 | |
parent | 0d415f7f8c08edc7b7af88567bb5ec4803defc94 (diff) |
rpcsvc: fix dangerous setting of pointer on free'd structure
The current code is setting @req->hdr_iobuf = NULL _after_ calling
actor_fn() on @req. Calling actor_fn() takes away all guarantees
of whether @req is still a valid object or destroyed.
Unfortunately most of the times the object is allocated from mem-pool
an a mem_put() still keeps the arena allocated (no crash). However
once the mem-pool is full and allocation falls back to malloc()/free()
the code actually becomes dangerous. This resulted in random crashes
when the system load is high (when there were sufficient outstanding
calls that @rpc pool got full)
Change-Id: I4398c717aa0e2c5f06733212b64dd79e7b2a4136
BUG: 884452
Signed-off-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/4990
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index db8ce2f3f33..d69756cc004 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -547,7 +547,6 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans, req); } else { ret = actor_fn (req); - req->hdr_iobuf = NULL; } } |