From 1cc500f48005d8682f39f7c6355170df569c7603 Mon Sep 17 00:00:00 2001
From: Pranith Kumar K <pkarampu@redhat.com>
Date: Sat, 13 Jun 2015 17:33:14 +0530
Subject: cluster/dht: Prevent use after free bug

Change-Id: I2d1f5bb2dd27f6cea52c059b4ff08ca0fa63b140
BUG: 1231425
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/11209
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>
---
 xlators/cluster/dht/src/dht-helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c
index 20f524c9887..24c316478aa 100644
--- a/xlators/cluster/dht/src/dht-helper.c
+++ b/xlators/cluster/dht/src/dht-helper.c
@@ -1572,6 +1572,8 @@ dht_unlock_inodelk (call_frame_t *frame, dht_lock_t **lk_array, int lk_count,
                                    local->lock.locks[i]->domain,
                                    &local->lock.locks[i]->loc, F_SETLK,
                                    &flock, NULL);
+                if (!--call_cnt)
+                        break;
         }
 
         return 0;
@@ -1661,7 +1663,7 @@ dht_nonblocking_inodelk (call_frame_t *frame, dht_lock_t **lk_array,
 
         local->call_cnt = lk_count;
 
-        for (i = 0; i < local->lock.lk_count; i++) {
+        for (i = 0; i < lk_count; i++) {
                 flock.l_type = local->lock.locks[i]->type;
 
                 STACK_WIND_COOKIE (lock_frame, dht_nonblocking_inodelk_cbk,
-- 
cgit