mirror of
https://github.com/samba-team/samba.git
synced 2025-01-13 13:18:06 +03:00
ab675516cc
In 15bc66ae801b0c69, Ronnie fixed a double-free race. The problem was that ctdb_run_eventscripts() hands a context to ctdb_event_script_callback() to hang its data off, which gets freed in the callback. This particularly hurt in ctdb_event_script_timeout. There's nothing wrong with this, but obviously we should make the callback call last of all. At the time, ctdb_event_script_timeout() carefully extracted everything from the struct ctdb_event_script_state before calling ->callback. This was cleaned up in 64da4402c6ad485f (Ronnie again), and now state was referred to after the callback again. But the same change introduced a direct use-after-free bug which caused an occasional oops. So in our last episode (eda052101728cf92) Volker fixed this, and Michael committed it. But we still have the double free bug which 15bc66ae801b0c69 was supposed to fix! Let's try to fix this in a more permanent way, but always doing the callback from the destructor. This means we need to hold the status, and don't send the KILL signal if ->child is set to 0. Finally, add a comment about freeing ourselves in run_eventscripts_callback and the structure definition. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (This used to be ctdb commit b90bdb07c1f6913ddbf11bde9684bdc8af61c549) |
||
|---|---|---|
| .. | ||
| client | ||
| common | ||
| config | ||
| doc | ||
| ib | ||
| include | ||
| lib | ||
| packaging | ||
| server | ||
| tcp | ||
| tests | ||
| tools | ||
| utils | ||
| web | ||
| .bzrignore | ||
| .gitignore | ||
| aclocal.m4 | ||
| autogen.sh | ||
| config.guess | ||
| config.mk | ||
| config.sub | ||
| configure.ac | ||
| configure.rpm | ||
| COPYING | ||
| ctdb.pc.in | ||
| install-sh | ||
| Makefile.in | ||