authorPrashanth Pai <ppai@redhat.com>2015-05-12 16:36:55 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2015-07-07 08:06:43 -0700
commitafa793ff16b349989ca7c958466eae15d2d003f9 (patch)
treefcd88a57791a0fb238ea216be9c065efc229ec80
parentb1abcf61d927009dfd794316b02d683d0e6d32cc (diff)
libgfapi: Gracefully exit when glfd is invalid
When glfs_* methods operating on glfd are invoked after calling glfs_close(), the program segfaults inside __GLFS_ENTRY_VALIDATE_FD trying to dereference glfd->fd->inode which is invalid. Also, returning EBADF seemed more specific than EINVAL. BUG: 1221008 Change-Id: I13a92dca52da9a300252b69e026581b3a9e931fd Signed-off-by: Prashanth Pai <ppai@redhat.com> Reviewed-on: http://review.gluster.org/10759 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
-rw-r--r--api/src/glfs-internal.h4
-rw-r--r--api/src/glfs.c6
-rw-r--r--libglusterfs/src/fd.c2
3 files changed, 7 insertions, 5 deletions
diff --git a/api/src/glfs-internal.h b/api/src/glfs-internal.h
index 3f8ac92ac7e..ff8ace9cbb8 100644
--- a/api/src/glfs-internal.h
+++ b/api/src/glfs-internal.h
@@ -268,8 +268,8 @@ do { \
#define __GLFS_ENTRY_VALIDATE_FD(glfd, label) \
do { \
- if (!glfd) { \
- errno = EINVAL; \
+ if (!glfd || !glfd->fd || !glfd->fd->inode) { \
+ errno = EBADF; \
goto label; \
} \
old_THIS = THIS; \
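Review bot: The widened check `!glfd || !glfd->fd || !glfd->fd->inode` still reads through the handle the caller passed in, so it only catches a closed glfd while that memory keeps the NULLs written at close time. If glfs_fd_destroy releases glfd itself (its tail is outside the visible hunk in glfs.c) and fd_destroy hands fd back through `mem_put (fd)`, a reused allocation can pass this test with stale or unrelated contents. I would document that limit on the macro, e.g. `/* Best-effort: catches use of a closed glfd only until its memory is reused; glfd must not be used after glfs_close(). */`, so EBADF here is not read as a lifetime guarantee. The macro body continues past the end of the hunk.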
diff --git a/api/src/glfs.c b/api/src/glfs.c
index fc392947e1e..490dbde9c1e 100644
--- a/api/src/glfs.c
+++ b/api/src/glfs.c
@@ -555,8 +555,10 @@ glfs_fd_destroy (struct glfs_fd *glfd)
}
glfs_unlock (glfd->fs);
- if (glfd->fd)
- fd_unref (glfd->fd);
+ if (glfd->fd) {
+ fd_unref (glfd->fd);
+ glfd->fd = NULL;
+ }
GF_FREE (glfd->readdirbuf);
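Review bot: In glfs_fd_destroy the reference is dropped before the pointer is cleared, so between `fd_unref (glfd->fd);` and `glfd->fd = NULL;` the field points at an fd that may already have been destroyed, and both statements run after `glfs_unlock (glfd->fs)`. Whether another thread can enter a glfs_* call on the same glfd at that moment is not visible here, but clearing first closes the window at no cost: `fd_t *fd = glfd->fd; glfd->fd = NULL; fd_unref (fd);`. The function starts and ends outside the hunk.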
diff --git a/libglusterfs/src/fd.c b/libglusterfs/src/fd.c
index af0d66da1ec..0b1229aac7e 100644
--- a/libglusterfs/src/fd.c
+++ b/libglusterfs/src/fd.c
@@ -533,7 +533,7 @@ fd_destroy (fd_t *fd)
}
UNLOCK (&fd->inode->lock);
inode_unref (fd->inode);
- fd->inode = (inode_t *)0xaaaaaaaa;
+ fd->inode = NULL;
fd_lk_ctx_unref (fd->lk_ctx);
mem_put (fd);
out:
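Review bot: Replacing the poison value `(inode_t *)0xaaaaaaaa` with `fd->inode = NULL;` in fd_destroy trades a loud fault on use-after-destroy for a value that any `if (fd->inode)` style check elsewhere would treat as an ordinary fd without an inode; whether such checks exist is not visible from this hunk. A short comment on the line would record why NULL was chosen, e.g. `/* NULL rather than poison so __GLFS_ENTRY_VALIDATE_FD can reject a destroyed fd; fd is invalid after mem_put */`. fd_destroy begins before the hunk and continues after the `out:` label.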