summaryrefslogtreecommitdiff
path: root/src/lib
diff options
context:
space:
mode:
authordimitri staessens <dimitri.staessens@ugent.be>2017-03-31 22:35:51 +0200
committerdimitri staessens <dimitri.staessens@ugent.be>2017-03-31 23:57:13 +0200
commit47c24ddbd6d2766797e4c2f3e05a93f0cb45f2cd (patch)
tree6279a7e4839244852688aa46b1a57d056eddd852 /src/lib
parente36fa4033256110281ec5579e99d097233386550 (diff)
downloadouroboros-47c24ddbd6d2766797e4c2f3e05a93f0cb45f2cd.tar.gz
ouroboros-47c24ddbd6d2766797e4c2f3e05a93f0cb45f2cd.zip
lib: Fix use-after-free when destroying cdap_req
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/cdap_req.c6
-rw-r--r--src/lib/cdap_req.h1
2 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/cdap_req.c b/src/lib/cdap_req.c
index df748058..4eab6fa6 100644
--- a/src/lib/cdap_req.c
+++ b/src/lib/cdap_req.c
@@ -76,6 +76,7 @@ void cdap_req_destroy(struct cdap_req * creq)
creq->state = REQ_NULL;
pthread_cond_broadcast(&creq->cond);
break;
+ case REQ_INIT_PENDING:
case REQ_PENDING:
case REQ_RESPONSE:
creq->state = REQ_DESTROY;
@@ -151,7 +152,10 @@ void cdap_req_respond(struct cdap_req * creq,
pthread_mutex_lock(&creq->lock);
- while (creq->state == REQ_INIT)
+ if (creq->state == REQ_INIT)
+ creq->state = REQ_INIT_PENDING;
+
+ while (creq->state == REQ_INIT_PENDING)
pthread_cond_wait(&creq->cond, &creq->lock);
if (creq->state != REQ_PENDING) {
diff --git a/src/lib/cdap_req.h b/src/lib/cdap_req.h
index 648ebc75..b21467f3 100644
--- a/src/lib/cdap_req.h
+++ b/src/lib/cdap_req.h
@@ -36,6 +36,7 @@ typedef cdap_key_t invoke_id_t;
enum creq_state {
REQ_NULL = 0,
REQ_INIT,
+ REQ_INIT_PENDING,
REQ_PENDING,
REQ_RESPONSE,
REQ_DONE,
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-04 15:10:38 +0000