diff options
author | dimitri staessens <[email protected]> | 2017-03-31 22:35:51 +0200 |
---|---|---|
committer | dimitri staessens <[email protected]> | 2017-03-31 23:57:13 +0200 |
commit | 47c24ddbd6d2766797e4c2f3e05a93f0cb45f2cd (patch) | |
tree | 6279a7e4839244852688aa46b1a57d056eddd852 /src | |
parent | e36fa4033256110281ec5579e99d097233386550 (diff) | |
download | ouroboros-47c24ddbd6d2766797e4c2f3e05a93f0cb45f2cd.tar.gz ouroboros-47c24ddbd6d2766797e4c2f3e05a93f0cb45f2cd.zip |
lib: Fix use-after-free when destroying cdap_req
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/cdap_req.c | 6 | ||||
-rw-r--r-- | src/lib/cdap_req.h | 1 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/cdap_req.c b/src/lib/cdap_req.c index df748058..4eab6fa6 100644 --- a/src/lib/cdap_req.c +++ b/src/lib/cdap_req.c @@ -76,6 +76,7 @@ void cdap_req_destroy(struct cdap_req * creq) creq->state = REQ_NULL; pthread_cond_broadcast(&creq->cond); break; + case REQ_INIT_PENDING: case REQ_PENDING: case REQ_RESPONSE: creq->state = REQ_DESTROY; @@ -151,7 +152,10 @@ void cdap_req_respond(struct cdap_req * creq, pthread_mutex_lock(&creq->lock); - while (creq->state == REQ_INIT) + if (creq->state == REQ_INIT) + creq->state = REQ_INIT_PENDING; + + while (creq->state == REQ_INIT_PENDING) pthread_cond_wait(&creq->cond, &creq->lock); if (creq->state != REQ_PENDING) { diff --git a/src/lib/cdap_req.h b/src/lib/cdap_req.h index 648ebc75..b21467f3 100644 --- a/src/lib/cdap_req.h +++ b/src/lib/cdap_req.h @@ -36,6 +36,7 @@ typedef cdap_key_t invoke_id_t; enum creq_state { REQ_NULL = 0, REQ_INIT, + REQ_INIT_PENDING, REQ_PENDING, REQ_RESPONSE, REQ_DONE, |