sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-01 04:58:35 +03:00
Code

lib: tevent: Fix bug in poll backend - poll_event_loop_poll()

Browse Source 
If the (pfd->revents & POLLNVAL) case is triggered,
we do DLIST_REMOVE(ev->fd_events, fde); and then
use fde->next in the loop above.

Save off fde->next for loop interation before
this so we can't use a deleted ->next value.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11771

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 2be3dd1407eabe3df360ede2eab178848e34733c)
This commit is contained in:
Jeremy Allison 2015-11-17 10:28:50 -08:00 committed by Karolin Seeger
parent 8f31190fef
commit 0cd4ddf35d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/tevent/tevent_poll.c
View File

@ -498,6 +498,7 @@ static int poll_event_loop_poll(struct tevent_context *ev,
int timeout = -1;
int poll_errno;
struct tevent_fd *fde = NULL;
struct tevent_fd *next = NULL;
unsigned i;
if (ev->signal_events && tevent_common_check_signal(ev)) {
@ -542,11 +543,13 @@ static int poll_event_loop_poll(struct tevent_context *ev,
which ones and call the handler, being careful to allow
the handler to remove itself when called */
for (fde = ev->fd_events; fde; fde = fde->next) {
for (fde = ev->fd_events; fde; fde = next) {
uint64_t idx = fde->additional_flags;
struct pollfd *pfd;
uint16_t flags = 0;
next = fde->next;
if (idx == UINT64_MAX) {
continue;
}