authorMohammed Rafi KC <rkavunga@redhat.com>2017-07-03 16:37:01 +0530
committerAtin Mukherjee <amukherj@redhat.com>2017-07-09 05:23:48 +0000
commit26241777bf59c7d64c582ce09e557bc2dc97dabb (patch)
treef9424f8c1e1b44c916468ac5d6ee427907f3685e
parent70a5dfdea4980dea5da5b5008a16fd155a3adf34 (diff)
uss/svc: fix double free on xdata dictionary
We were taking an unref on the wrong dictionary, which results in invalid memory access. Change-Id: Ic25a6c209ecd72c9056dfcb79fabcfc650dd3c1e BUG: 1467513 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> Reviewed-on: https://review.gluster.org/17691 CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Smoke: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
-rw-r--r--xlators/features/snapview-client/src/snapview-client.c25
-rw-r--r--xlators/features/snapview-client/src/snapview-client.h3
2 files changed, 20 insertions, 8 deletions
diff --git a/xlators/features/snapview-client/src/snapview-client.c b/xlators/features/snapview-client/src/snapview-client.c
index 4ec2bd87c28..dafd3d356f4 100644
--- a/xlators/features/snapview-client/src/snapview-client.c
+++ b/xlators/features/snapview-client/src/snapview-client.c
@@ -1661,14 +1661,12 @@ gf_svc_readdirp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
local = frame->local;
- if (local->xdata != NULL)
- dict_unref (xdata);
-
if (op_ret) {
if (op_errno == ESTALE && !local->revalidate) {
local->revalidate = 1;
ret = gf_svc_special_dir_revalidate_lookup (frame,
- this);
+ this,
+ xdata);
if (!ret)
return 0;
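Review bot: When gf_svc_special_dir_revalidate_lookup returns non-zero, this callback falls through past `if (!ret) return 0;` with local->xdata already replaced, because the callee swaps local->xdata to this callback's xdata before its `if (!loc->inode)` check. Whatever the rest of the callback does with local->xdata (that code lies outside this hunk) would then see the ESTALE reply's dictionary rather than the one stored by gf_svc_readdir_on_special_dir. If that is intended, a comment at the call would make it explicit, e.g. `/* revalidate stores its own ref on xdata in local->xdata, even when it fails */`; if not, the swap belongs after the callee's fallible steps.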
@@ -1723,7 +1721,8 @@ out:
}
int
-gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this)
+gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this,
+ dict_t *xdata)
{
svc_private_t *private = NULL;
svc_local_t *local = NULL;
@@ -1740,6 +1739,15 @@ gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this)
local = frame->local;
loc = &local->loc;
+ if (local->xdata) {
+ dict_unref (local->xdata);
+ local->xdata = NULL;
+ }
+
+ if (xdata)
+ local->xdata = dict_ref (xdata);
+
+
inode_unref (loc->inode);
loc->inode = inode_new (loc->parent->table);
if (!loc->inode) {
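Review bot: The unref-then-ref order in the added block is safe only if xdata can never be the same dictionary as local->xdata; if the two alias and local holds the last reference, `dict_unref (local->xdata)` releases the dict before `dict_ref (xdata)` touches it, which is the same class of memory error this commit fixes. Taking the new reference first removes that assumption: `dict_t *old = local->xdata;`, `local->xdata = xdata ? dict_ref (xdata) : NULL;`, `if (old) dict_unref (old);`. The same sequence is repeated in the gf_svc_readdir_on_special_dir hunk, so a small static helper would keep the two copies from drifting apart. Whether aliasing can actually occur depends on callers outside these hunks.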
@@ -1878,10 +1886,13 @@ gf_svc_readdir_on_special_dir (call_frame_t *frame, void *cookie,
}
local->cookie = cookie;
- if (xdata == NULL)
+ if (local->xdata) {
+ dict_unref (local->xdata);
local->xdata = NULL;
- else
+ }
+ if (xdata)
local->xdata = dict_ref (xdata);
+
STACK_WIND (frame, gf_svc_readdirp_lookup_cbk,
SECOND_CHILD (this),
SECOND_CHILD (this)->fops->lookup, loc, tmp_xdata);
diff --git a/xlators/features/snapview-client/src/snapview-client.h b/xlators/features/snapview-client/src/snapview-client.h
index e1fcb371e8c..169974af532 100644
--- a/xlators/features/snapview-client/src/snapview-client.h
+++ b/xlators/features/snapview-client/src/snapview-client.h
@@ -96,6 +96,7 @@ typedef enum {
} inode_type_t;
int
-gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this);
+gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this,
+ dict_t *xdata);
#endif /* __SNAP_VIEW_CLIENT_H__ */
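Review bot: The new prototype does not document who owns xdata, and a reference-count mix-up is exactly what this commit repairs. Going by the definition in snapview-client.c, the callee takes its own reference and releases the one previously held in local->xdata, so a comment above the declaration would state the contract: `/* Takes its own ref on xdata (may be NULL) and drops the ref previously held in frame->local->xdata; the caller keeps its reference. */`.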