From 1e8465620f006628e68c9cd96b03eb5317542171 Mon Sep 17 00:00:00 2001
From: N Balachandran <nbalacha@redhat.com>
Date: Mon, 22 May 2017 11:26:22 +0530
Subject: [PATCH 462/473] cluster/dht: Fix crash in dht_selfheal_dir_setattr
Use a local variable to store the call cnt used in the
for loop for the STACK_WIND so as not to access local
which may be freed by STACK_UNWIND after all fops return.
> BUG: 1452102
> Signed-off-by: N Balachandran <nbalacha@redhat.com>
> Reviewed-on: https://review.gluster.org/17343
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
> Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Change-Id: I24f49b6dbd29a2b706e388e2f6d5196c0f80afc5
BUG: 1453049
Signed-off-by: N Balachandran <nbalacha@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/106793
Reviewed-by: Mohit Agrawal <moagrawa@redhat.com>
---
xlators/cluster/dht/src/dht-selfheal.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/xlators/cluster/dht/src/dht-selfheal.c b/xlators/cluster/dht/src/dht-selfheal.c
index c2d1c14..4180380 100644
--- a/xlators/cluster/dht/src/dht-selfheal.c
+++ b/xlators/cluster/dht/src/dht-selfheal.c
@@ -1092,6 +1092,7 @@ dht_selfheal_dir_setattr (call_frame_t *frame, loc_t *loc, struct iatt *stbuf,
int i = 0, ret = -1;
dht_local_t *local = NULL;
xlator_t *this = NULL;
+ int cnt = 0;
local = frame->local;
this = frame->this;
@@ -1117,7 +1118,8 @@ dht_selfheal_dir_setattr (call_frame_t *frame, loc_t *loc, struct iatt *stbuf,
gf_uuid_copy (loc->gfid, local->gfid);
local->call_cnt = missing_attr;
- for (i = 0; i < layout->cnt; i++) {
+ cnt = layout->cnt;
+ for (i = 0; i < cnt; i++) {
if (layout->list[i].err == -1) {
gf_msg_trace (this->name, 0,
"%s: setattr on subvol %s, gfid = %s",
@@ -1241,6 +1243,7 @@ dht_selfheal_dir_mkdir_lookup_done (call_frame_t *frame, xlator_t *this)
dict_t *dict = NULL;
dht_layout_t *layout = NULL;
loc_t *loc = NULL;
+ int cnt = 0;
VALIDATE_OR_GOTO (this->private, err);
@@ -1273,7 +1276,8 @@ dht_selfheal_dir_mkdir_lookup_done (call_frame_t *frame, xlator_t *this)
DHT_MSG_DICT_SET_FAILED,
"dict is NULL, need to make sure gfids are same");
- for (i = 0; i < layout->cnt; i++) {
+ cnt = layout->cnt;
+ for (i = 0; i < cnt; i++) {
if (layout->list[i].err == ESTALE ||
layout->list[i].err == ENOENT ||
local->selfheal.force_mkdir) {
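Review bot: The loop condition still reads `local->selfheal.force_mkdir` on every iteration, so the access to `local` that the commit message sets out to avoid remains if an earlier iteration's STACK_WIND has already unwound and freed it; caching `layout->cnt` only fixes the loop bound. Snapshot the flag before the loop, next to `cnt = layout->cnt;`, for example `force_mkdir = local->selfheal.force_mkdir;`, and test the copy in the condition. This loop and the one in dht_selfheal_dir_setattr also keep dereferencing `layout->list[i].err`; if `layout` is owned by `local` (its assignment is outside these hunks), that read has the same use-after-free exposure and would need a reference held on the layout across the loop. Both loop bodies continue outside the hunks, so any later use of `local`, `loc` or `layout` after the wind should be checked as well.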
--
1.8.3.1