summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnand Avati <avati@redhat.com>2013-04-25 22:46:50 -0700
committerVijay Bellur <vbellur@redhat.com>2013-05-13 01:54:45 -0700
commit7ad8b05dc3003102ac192b1bb6bcae5c57e148cf (patch)
treea9340bd91590f1ae5a3dbb541e8ec7c55c81f5c4
parent0d415f7f8c08edc7b7af88567bb5ec4803defc94 (diff)
rpcsvc: fix dangerous setting of pointer on free'd structure
The current code is setting @req->hdr_iobuf = NULL _after_ calling actor_fn() on @req. Calling actor_fn() takes away all guarantees of whether @req is still a valid object or destroyed. Unfortunately most of the times the object is allocated from mem-pool an a mem_put() still keeps the arena allocated (no crash). However once the mem-pool is full and allocation falls back to malloc()/free() the code actually becomes dangerous. This resulted in random crashes when the system load is high (when there were sufficient outstanding calls that @rpc pool got full) Change-Id: I4398c717aa0e2c5f06733212b64dd79e7b2a4136 BUG: 884452 Signed-off-by: Anand Avati <avati@redhat.com> Reviewed-on: http://review.gluster.org/4990 Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com>
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index db8ce2f3f33..d69756cc004 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -547,7 +547,6 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
req);
} else {
ret = actor_fn (req);
- req->hdr_iobuf = NULL;
}
}