diff options
| author | Pranith Kumar K <pkarampu@redhat.com> | 2015-04-24 16:24:52 +0530 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2015-04-26 07:35:19 -0700 |
| commit | bcd0cf9f156bfefa78d099d3a5eec4e489a9513d (patch) | |
| tree | cc2083fa8d6bacc314278d68de03174f020d839a | |
| parent | dfc84d7a7c08d0fb7b1d0bfb8f9dd33ea8285bf1 (diff) | |
timer: Fix use after free issue
BUG: 1215173
Change-Id: Ic0fcfa009d1e4828ffd245154cd3e042a1b2bc2e
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/10368
Tested-by: NetBSD Build System
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
| -rw-r--r-- | libglusterfs/src/timer.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libglusterfs/src/timer.c b/libglusterfs/src/timer.c index cc47db3b9e1..0d845cdeb38 100644 --- a/libglusterfs/src/timer.c +++ b/libglusterfs/src/timer.c @@ -176,12 +176,16 @@ gf_timer_proc (void *ctx) } pthread_mutex_unlock (®->lock); if (need_cbk) { + old_THIS = NULL; if (event->xl) { old_THIS = THIS; THIS = event->xl; } event->callbk (event->data); - if (event->xl) { + /*This callbk above would have freed the event + * by calling timer_cancel, don't ever touch it + * again*/ + if (old_THIS) { THIS = old_THIS; } } |