diff options
author | dimitri staessens <[email protected]> | 2017-03-31 22:35:51 +0200 |
---|---|---|
committer | dimitri staessens <[email protected]> | 2017-04-01 14:25:39 +0200 |
commit | 304bf4f90f58f28d6941d3e3b14bb04d48f52392 (patch) | |
tree | dc31af30c22911df843705ca2cd85ce13b7b9551 | |
parent | 8913ac0a36c068c012cd0be9591cfad63a1af44e (diff) | |
download | ouroboros-304bf4f90f58f28d6941d3e3b14bb04d48f52392.tar.gz ouroboros-304bf4f90f58f28d6941d3e3b14bb04d48f52392.zip |
lib: Fix use-after-free when destroying cdap_req
-rw-r--r-- | src/lib/cdap_req.c | 6 | ||||
-rw-r--r-- | src/lib/cdap_req.h | 1 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/cdap_req.c b/src/lib/cdap_req.c index df748058..4eab6fa6 100644 --- a/src/lib/cdap_req.c +++ b/src/lib/cdap_req.c @@ -76,6 +76,7 @@ void cdap_req_destroy(struct cdap_req * creq) creq->state = REQ_NULL; pthread_cond_broadcast(&creq->cond); break; + case REQ_INIT_PENDING: case REQ_PENDING: case REQ_RESPONSE: creq->state = REQ_DESTROY; @@ -151,7 +152,10 @@ void cdap_req_respond(struct cdap_req * creq, pthread_mutex_lock(&creq->lock); - while (creq->state == REQ_INIT) + if (creq->state == REQ_INIT) + creq->state = REQ_INIT_PENDING; + + while (creq->state == REQ_INIT_PENDING) pthread_cond_wait(&creq->cond, &creq->lock); if (creq->state != REQ_PENDING) { diff --git a/src/lib/cdap_req.h b/src/lib/cdap_req.h index 648ebc75..b21467f3 100644 --- a/src/lib/cdap_req.h +++ b/src/lib/cdap_req.h @@ -36,6 +36,7 @@ typedef cdap_key_t invoke_id_t; enum creq_state { REQ_NULL = 0, REQ_INIT, + REQ_INIT_PENDING, REQ_PENDING, REQ_RESPONSE, REQ_DONE, |