From 601f5725a0a2e4855d9a4a952709e5c0cadbd846 Mon Sep 17 00:00:00 2001
From: Junaid <junaid@gluster.com>
Date: Mon, 22 Aug 2011 17:32:08 +0530
Subject: features/marker-quota: Fix invalid reads in readdir_cbk.

Change-Id: Icc1e9dc039f1f2d7ee94c689779a715a69d373fa
BUG: 3389
Reviewed-on: http://review.gluster.com/296
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
---
 xlators/features/marker/src/marker-quota.c | 32 ++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/xlators/features/marker/src/marker-quota.c b/xlators/features/marker/src/marker-quota.c
index 5cb6dc9ad..fc1f3a71b 100644
--- a/xlators/features/marker/src/marker-quota.c
+++ b/xlators/features/marker/src/marker-quota.c
@@ -548,7 +548,7 @@ quota_readdir_cbk (call_frame_t *frame,
         call_frame_t  *newframe           = NULL;
         loc_t          loc                = {0, };
 
-        local = frame->local;
+        local = quota_local_ref (frame->local);
 
         if (op_ret == -1) {
                 gf_log (this->name, GF_LOG_DEBUG,
@@ -557,11 +557,11 @@ quota_readdir_cbk (call_frame_t *frame,
 
                 release_lock_on_dirty_inode (frame, NULL, this, 0, 0);
 
-                return 0;
+                goto end;
         } else if (op_ret == 0) {
                 get_dirty_inode_size (frame, this);
 
-                return 0;
+                goto end;
         }
 
         local->dentry_child_count =  0;
@@ -582,7 +582,8 @@ quota_readdir_cbk (call_frame_t *frame,
 
         if (count == 0) {
                 get_dirty_inode_size (frame, this);
-                return 0;
+                goto end;
+
         }
 
         local->frame = frame;
@@ -610,11 +611,22 @@ quota_readdir_cbk (call_frame_t *frame,
                 if (ret < 0)
                         goto out;
 
-                newframe = copy_frame (frame);
-                if (!newframe) {
-                        ret = -1;
-                        goto out;
+                ret = 0;
+
+                LOCK (&local->lock);
+                {
+                        if (local->err != -2) {
+                                newframe = copy_frame (frame);
+                                if (!newframe) {
+                                        ret = -1;
+                                }
+                        } else
+                                ret = -1;
                 }
+                UNLOCK (&local->lock);
+
+                if (ret == -1)
+                        goto out;
 
                 newframe->local = quota_local_ref (local);
 
@@ -642,6 +654,8 @@ quota_readdir_cbk (call_frame_t *frame,
 
                 loc_wipe (&loc);
 
+                newframe = NULL;
+
         out:
                 if (dict) {
                         dict_unref (dict);
@@ -665,6 +679,8 @@ quota_readdir_cbk (call_frame_t *frame,
         if (ret && val != -2) {
                 release_lock_on_dirty_inode (frame, NULL, this, 0, 0);
         }
+end:
+        quota_local_unref (this, local);
 
         return 0;
 }
-- 
cgit