From d2a30ec4aaeaa546f6370a1377c44574ada5edbc Mon Sep 17 00:00:00 2001
From: Anand Avati
Date: Tue, 1 Dec 2009 07:02:02 +0000
Subject: stat-prefetch: fix unsafe reference to @local in sp_lookup_cbk
stat-prefetch uses the main syscall frame for performing lookup on demand. this causes a potential reference to a freed local in sp_lookup_cbk after resuming the main syscall frame (which could have unwound and destroyed)
Signed-off-by: Anand V. Avati
Signed-off-by: Anand V. Avati
BUG: 242 (If any of the writes fail, write-behind should not wait till the fd is closed for reporting errors)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=242
---
 xlators/performance/stat-prefetch/src/stat-prefetch.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'xlators/performance')
diff --git a/xlators/performance/stat-prefetch/src/stat-prefetch.c b/xlators/performance/stat-prefetch/src/stat-prefetch.c
index a1322ee4759..bf328bb77f2 100644
--- a/xlators/performance/stat-prefetch/src/stat-prefetch.c
+++ b/xlators/performance/stat-prefetch/src/stat-prefetch.c
@@ -577,6 +577,7 @@ sp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 call_stub_t *stub = NULL, *tmp = NULL;
 sp_local_t *local = NULL;
 sp_cache_t *cache = NULL;
+ int need_unwind = 0;
 INIT_LIST_HEAD (&waiting_ops);
@@ -595,6 +596,9 @@ sp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 }
 }
+ if (local && local->is_lookup)
+ need_unwind = 1;
+
 ret = inode_ctx_get (inode, this, &value);
 if (ret == 0) {
 inode_ctx = (sp_inode_ctx_t *)(long)value;
@@ -626,7 +630,7 @@ sp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
 }
 out:
- if ((local != NULL) && (local->is_lookup)) {
+ if (need_unwind) {
 SP_STACK_UNWIND (lookup, frame, op_ret, op_errno, inode, buf, dict, postparent);
 }
-- cgit
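Review bot: `need_unwind` is only set once control reaches the new assignment in the second hunk, so any `goto out` taken earlier in sp_lookup_cbk would now skip SP_STACK_UNWIND for a lookup frame, whereas the old test at `out:` ran on every path. The lines between the declarations and this assignment are outside the hunk, so this has to be checked against the full function; if such a path exists, the flag should be set immediately after `local` is assigned. The assignment also deserves a comment saying why the value is copied, for example `/* snapshot is_lookup now: resuming the main syscall frame may unwind it and free local */`.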
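Review bot: In the third hunk `local` is still a non-NULL pointer at `out:` even though, per the commit message, the frame that owns it may already have been unwound and destroyed, so a later edit that reads `local` there would quietly reintroduce the use-after-free. Clearing it after its last legitimate use (`local = NULL;`) would turn that mistake into an immediate NULL dereference instead of a read of freed memory; whether `local` is needed between the snapshot and `out:` is not visible in these hunks. The unwind still passes `frame`, which is safe only if a frame with `is_lookup` set is never one that a resumed stub destroys. That invariant is assumed rather than shown here and should be stated in a one-line comment above `if (need_unwind)`.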