From c5c1ad0fae6701cc9350bda4e5dc6d33cdf28eca Mon Sep 17 00:00:00 2001
From: Pranith Kumar K <pkarampu@redhat.com>
Date: Sat, 13 Jun 2015 17:33:14 +0530
Subject: cluster/dht: Prevent use after free bug

        Backport of http://review.gluster.org/11209

BUG: 1233042
Change-Id: If3685c9ed84a6720d8696d11773005e9786b503f
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: http://review.gluster.org/11305
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
---
 xlators/cluster/dht/src/dht-helper.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c
index ac2f794e00c..f24c62c5ecd 100644
--- a/xlators/cluster/dht/src/dht-helper.c
+++ b/xlators/cluster/dht/src/dht-helper.c
@@ -1577,6 +1577,8 @@ dht_unlock_inodelk (call_frame_t *frame, dht_lock_t **lk_array, int lk_count,
                                    local->lock.locks[i]->domain,
                                    &local->lock.locks[i]->loc, F_SETLK,
                                    &flock, NULL);
+                if (!--call_cnt)
+                        break;
         }
 
         return 0;
@@ -1666,7 +1668,7 @@ dht_nonblocking_inodelk (call_frame_t *frame, dht_lock_t **lk_array,
 
         local->call_cnt = lk_count;
 
-        for (i = 0; i < local->lock.lk_count; i++) {
+        for (i = 0; i < lk_count; i++) {
                 flock.l_type = local->lock.locks[i]->type;
 
                 STACK_WIND_COOKIE (lock_frame, dht_nonblocking_inodelk_cbk,
-- 
cgit