stat-prefetch: fix unsafe reference to @local in sp_lookup_cbk

stat-prefetch uses the main syscall frame for performing lookup on
demand. this causes a potential reference to a freed local in
sp_lookup_cbk after resuming the main syscall frame (which could
have unwound and destroyed)

Signed-off-by: Anand V. Avati <avati@blackhole.gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>

BUG: 242 (If any of the writes fail, write-behind should not wait till the fd is closed for reporting errors)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=242

1 files changed, 5 insertions, 1 deletions

diff --git a/xlators/performance/stat-prefetch/src/stat-prefetch.c b/xlators/performance/stat-prefetch/src/stat-prefetch.c
index a1322ee4759..bf328bb77f2 100644
--- a/xlators/performance/stat-prefetch/src/stat-prefetch.c
+++ b/xlators/performance/stat-prefetch/src/stat-prefetch.c
@@ -577,6 +577,7 @@ sp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
         call_stub_t         *stub        = NULL, *tmp = NULL;
         sp_local_t          *local       = NULL;
         sp_cache_t          *cache       = NULL;
+        int                  need_unwind = 0;
 
         INIT_LIST_HEAD (&waiting_ops);
 
@@ -595,6 +596,9 @@ sp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
                 }
         }
 
+        if (local && local->is_lookup)
+                need_unwind = 1;
+
         ret = inode_ctx_get (inode, this, &value);
         if (ret == 0) {
                 inode_ctx = (sp_inode_ctx_t *)(long)value; 
@@ -626,7 +630,7 @@ sp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
         }
 
 out:
-        if ((local != NULL) && (local->is_lookup)) {
+        if (need_unwind) {
                 SP_STACK_UNWIND (lookup, frame, op_ret, op_errno, inode, buf,
                                  dict, postparent);
         }