diff options
| author | N Balachandran <nbalacha@redhat.com> | 2017-06-29 10:52:37 +0530 |
|---|---|---|
| committer | Raghavendra Talur <rtalur@redhat.com> | 2017-07-01 15:54:19 +0000 |
| commit | 9eb41658918f6e0d01879e5cdf69b401cabfd60d (patch) | |
| tree | 48170987061d44fa31d7fba95cd100ea8349b468 | |
| parent | 70be0c14760ce1581515151254d65899ad616324 (diff) | |
cluster:dht Fix crash in dht_rename_lock_cbk
Use a local variable to store the call count
in the STACK_WIND for loop. Using frame->local
is dangerous as it could be freed while the loop
is still being processed
> BUG: 1466110
> Signed-off-by: N Balachandran <nbalacha@redhat.com>
> Reviewed-on: https://review.gluster.org/17645
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> Tested-by: Nigel Babu <nigelb@redhat.com>
> Reviewed-by: Amar Tumballi <amarts@redhat.com>
> Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
(cherry picked from commit 56da27cf5dc6ef54c7fa5282dedd6700d35a0ab0)
Change-Id: Ie65cdcfb7868509b4a83bc2a5b5d6304eabfbc8e
BUG: 1466863
Signed-off-by: N Balachandran <nbalacha@redhat.com>
Reviewed-on: https://review.gluster.org/17665
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
| -rw-r--r-- | xlators/cluster/dht/src/dht-rename.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/xlators/cluster/dht/src/dht-rename.c b/xlators/cluster/dht/src/dht-rename.c index 53c61f8a714..dce73f2a99e 100644 --- a/xlators/cluster/dht/src/dht-rename.c +++ b/xlators/cluster/dht/src/dht-rename.c @@ -1407,6 +1407,8 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this, dict_t *xattr_req = NULL; dht_conf_t *conf = NULL; int i = 0; + int count = 0; + local = frame->local; conf = this->private; @@ -1446,9 +1448,9 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this, goto done; } - local->call_cnt = local->lock.lk_count; + count = local->call_cnt = local->lock.lk_count; - for (i = 0; i < local->lock.lk_count; i++) { + for (i = 0; i < count; i++) { STACK_WIND (frame, dht_rename_lookup_cbk, local->lock.locks[i]->xl, local->lock.locks[i]->xl->fops->lookup, |