summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorN Balachandran <nbalacha@redhat.com>2017-06-29 10:52:37 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2017-07-05 14:10:20 +0000
commitd4adffdb8da96dfbbe68a8d325fc28941e1f8627 (patch)
tree664a425d58ec1f5728d8cdcf7eba47d26a241251
parente9699c20eebf88d658eb9e32d7c6d00288b28cc2 (diff)
cluster:dht Fix crash in dht_rename_lock_cbk
Use a local variable to store the call count in the STACK_WIND for loop. Using frame->local is dangerous as it could be freed while the loop is still being processed > BUG: 1466110 > Signed-off-by: N Balachandran <nbalacha@redhat.com> > Reviewed-on: https://review.gluster.org/17645 > Smoke: Gluster Build System <jenkins@build.gluster.org> > Tested-by: Nigel Babu <nigelb@redhat.com> > Reviewed-by: Amar Tumballi <amarts@redhat.com> > Reviewed-by: Jeff Darcy <jeff@pl.atyp.us> > CentOS-regression: Gluster Build System <jenkins@build.gluster.org> > Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com> (cherry picked from commit 56da27cf5dc6ef54c7fa5282dedd6700d35a0ab0) Change-Id: Ie65cdcfb7868509b4a83bc2a5b5d6304eabfbc8e BUG: 1466859 Signed-off-by: N Balachandran <nbalacha@redhat.com> Reviewed-on: https://review.gluster.org/17664 Smoke: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Jeff Darcy <jeff@pl.atyp.us> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
-rw-r--r--xlators/cluster/dht/src/dht-rename.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/xlators/cluster/dht/src/dht-rename.c b/xlators/cluster/dht/src/dht-rename.c
index 32806e9..3068499 100644
--- a/xlators/cluster/dht/src/dht-rename.c
+++ b/xlators/cluster/dht/src/dht-rename.c
@@ -1518,6 +1518,8 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
dict_t *xattr_req = NULL;
dht_conf_t *conf = NULL;
int i = 0;
+ int count = 0;
+
local = frame->local;
conf = this->private;
@@ -1557,7 +1559,7 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
goto done;
}
- local->call_cnt = local->lock[0].layout.parent_layout.lk_count;
+ count = local->call_cnt = local->lock[0].layout.parent_layout.lk_count;
/* Why not use local->lock.locks[?].loc for lookup post lock phase
* ---------------------------------------------------------------
@@ -1577,7 +1579,7 @@ dht_rename_lock_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
* exists with the name that the client requested with.
* */
- for (i = 0; i < local->lock[0].layout.parent_layout.lk_count; i++) {
+ for (i = 0; i < count; i++) {
STACK_WIND_COOKIE (frame, dht_rename_lookup_cbk, (void *)(long)i,
local->lock[0].layout.parent_layout.locks[i]->xl,
local->lock[0].layout.parent_layout.locks[i]->xl->fops->lookup,