mirror of
https://github.com/samba-team/samba.git
synced 2025-01-26 10:04:02 +03:00
c9cced0322
The valgrind error happened in poll_funcs_tevent_handle_destructor in

    if (handle->ctx->refcount == 0)

handle->ctx was already gone at the time this destructor was called. It happened because during messaging_init the messaging_dgm subsystem was free'ed. The unix_msg context and the poll_funcs_tevent_context are children of messaging_dgm_context. How was poll_funcs_tevent_handle_destructor still called? While working on the new notify subsystem I've added some messaging_read_send tevent_reqs, which register themselves with the dgm_context via messaging_dgm_register_tevent_context. They were not gone yet. When later these were also run down due to another talloc_free somewhere else, this destructor referenced dead memory.

This code now protects the poll_funcs_tevent_handle against the poll_funcs_tevent_context going away first with the loop

    for (h = ctx->handles; h != NULL; h = h->next) {
        h->ctx = NULL;
    }

in poll_funcs_tevent_context_destructor together with

    if (handle->ctx == NULL) {
        return 0;
    }

in poll_funcs_tevent_handle_destructor.

A side-effect of this code is that messaging_read_send request won't be satisfied anymore after a reinit_after_fork kicked in. But I think this is the right thing anyway: Every process should register its own message handlers explicitly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
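The teardown-order problem described in this commit message can be reproduced in a small stand-alone model. The following is an added example, not Samba code: it uses plain malloc/free instead of talloc, and the names model_ctx, model_handle, model_handle_new, model_ctx_free and model_handle_free are hypothetical. It shows the context teardown clearing each handle's back-pointer and the handle teardown checking for NULL before it touches the context.

```c
#include <stdlib.h>

/* Simplified stand-ins (assumed names) for the context and its handles. */
struct model_ctx;
struct model_handle {
    struct model_handle *prev, *next;
    struct model_ctx *ctx; /* back-pointer; NULL once the context is gone */
};
struct model_ctx {
    struct model_handle *handles;
    unsigned refcount;
};

struct model_handle *model_handle_new(struct model_ctx *ctx)
{
    struct model_handle *h = calloc(1, sizeof(*h));
    if (h == NULL) return NULL;
    h->ctx = ctx;
    h->next = ctx->handles;
    if (ctx->handles != NULL) ctx->handles->prev = h;
    ctx->handles = h;
    ctx->refcount++;
    return h;
}

/* Context teardown: orphan every handle so none keeps a dangling pointer. */
void model_ctx_free(struct model_ctx *ctx)
{
    for (struct model_handle *h = ctx->handles; h != NULL; h = h->next) {
        h->ctx = NULL;
    }
    free(ctx);
}

/* Handle teardown: 1 if unlinked from a live context, 0 if already orphaned. */
int model_handle_free(struct model_handle *h)
{
    int linked = 0;
    if (h->ctx != NULL) {
        if (h->prev != NULL) h->prev->next = h->next;
        else h->ctx->handles = h->next;
        if (h->next != NULL) h->next->prev = h->prev;
        h->ctx->refcount--;
        linked = 1;
    }
    free(h);
    return linked;
}
```

Without the loop in model_ctx_free, the last model_handle_free call on a surviving handle would read ctx->refcount from freed memory, which is the access valgrind reported.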