From 276142d543f6129623e40e7c93a23353c1f4eac3 Mon Sep 17 00:00:00 2001
From: Raghavendra Bhat <raghavendrabhat@gluster.com>
Date: Wed, 17 Aug 2011 00:55:39 +0530
Subject: features/marker: do not unref the marker local twice to avoid memory
 corruption

Change-Id: I71bc8a477155cff62c3218fee285a22a44aa54ba
BUG: 3385
Reviewed-on: http://review.gluster.com/241
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
---
 xlators/features/marker/src/marker-quota.c | 21 +++++++++++++++------
 xlators/features/marker/src/marker-quota.h |  2 +-
 2 files changed, 16 insertions(+), 7 deletions(-)

(limited to 'xlators')

diff --git a/xlators/features/marker/src/marker-quota.c b/xlators/features/marker/src/marker-quota.c
index 311e4d392d5..3e9a6890a6a 100644
--- a/xlators/features/marker/src/marker-quota.c
+++ b/xlators/features/marker/src/marker-quota.c
@@ -182,6 +182,8 @@ release_lock_on_dirty_inode (call_frame_t *frame, void *cookie, xlator_t *this,
 {
         struct gf_flock   lock  = {0, };
         quota_local_t    *local = NULL;
+        loc_t             loc = {0, };
+	int               ret = -1;
 
         local = frame->local;
 
@@ -202,12 +204,22 @@ release_lock_on_dirty_inode (call_frame_t *frame, void *cookie, xlator_t *this,
         lock.l_len    = 0;
         lock.l_pid    = 0;
 
+        ret = loc_copy (&loc, &local->loc);
+	if (ret == -1) {
+                local->err = -1;
+                frame->local = NULL;
+                dirty_inode_updation_done (frame, NULL, this, 0, 0);
+                return 0;
+        }
+        frame->local = NULL;
+
         STACK_WIND (frame,
                     dirty_inode_updation_done,
                     FIRST_CHILD(this),
                     FIRST_CHILD(this)->fops->inodelk,
-                    this->name, &local->loc, F_SETLKW, &lock);
+                    this->name, &loc, F_SETLKW, &lock);
 
+        loc_wipe (&loc);
         return 0;
 }
 
@@ -404,7 +416,6 @@ get_child_contribution (call_frame_t *frame,
                 gf_log (this->name, GF_LOG_ERROR, "%s", strerror (op_errno));
 
                 local->err = -2;
-
                 release_lock_on_dirty_inode (local->frame, NULL, this, 0, 0);
 
                 goto out;
@@ -431,11 +442,9 @@ out:
         UNLOCK (&local->lock);
 
         if (val== 0) {
-                if (local->err) {
-                        QUOTA_SAFE_DECREMENT (&local->lock, local->ref, val);
-
+                if (local->err)
                         quota_local_unref (this, local);
-                } else
+                else
                         quota_dirty_inode_readdir (local->frame, NULL, this,
                                                    0, 0, NULL);
         }
diff --git a/xlators/features/marker/src/marker-quota.h b/xlators/features/marker/src/marker-quota.h
index ff869d67fde..dfb916bcf6e 100644
--- a/xlators/features/marker/src/marker-quota.h
+++ b/xlators/features/marker/src/marker-quota.h
@@ -42,7 +42,7 @@
                 _frame->local = NULL;                   \
                 STACK_DESTROY (_frame->root);           \
                 quota_local_unref (_this, _local);      \
-                GF_FREE (_local);                       \
+		GF_FREE (_local);			\
         } while (0)
 
 
-- 
cgit