mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00

s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE().

They may have been carefully set by the aio_del_req_from_fsp()
destructor so we must not overwrite here.

Found via some *amazing* debugging work from Ashok Ramakrishnan <aramakrishnan@nasuni.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184

(cherry picked from commit fca8cb63762faff54cda243c1ed8217b36333131)
Jeremy Allison 2020-09-26 22:14:33 -07:00 committed by Karolin Seeger
parent 4873f377e7
commit dcce5e5bf6


@ -666,7 +666,19 @@ static void assert_no_pending_aio(struct files_struct *fsp,
* fsp->aio_requests[x], causing a crash.
*/
while (fsp->num_aio_requests != 0) {
TALLOC_FREE(fsp->aio_requests[0]);
/*
* NB. We *MUST* use
* talloc_free(fsp->aio_requests[0]),
* and *NOT* TALLOC_FREE() here, as
* TALLOC_FREE(fsp->aio_requests[0])
* will overwrite any new contents of
* fsp->aio_requests[0] that were
* copied into it via the destructor
* aio_del_req_from_fsp().
*
* BUG: https://bugzilla.samba.org/show_bug.cgi?id=14515
*/
talloc_free(fsp->aio_requests[0]);
}
return;
}
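
Review bot: In the while loop, the return value of talloc_free(fsp->aio_requests[0]) is ignored, and the only exit condition is fsp->num_aio_requests reaching 0, which the visible code leaves entirely to the aio_del_req_from_fsp() destructor. talloc_free() returns -1 when the free does not happen (for example when a destructor refuses it), and in that case the loop would retry the same pointer forever. Consider checking the return value, or recording num_aio_requests before the call and treating "count did not decrease" as a fatal error, so a failed free ends in a clear abort rather than a spin. The new comment explains well why TALLOC_FREE() must not be used. It would help to add one sentence saying that the destructor is also what decrements num_aio_requests, since loop termination depends on it.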