From 99c25e8b07f36adf7786164ff9ca4225b1835ca0 Mon Sep 17 00:00:00 2001
From: Pranith Kumar K <pkarampu@redhat.com>
Date: Sat, 13 Jun 2015 17:33:14 +0530
Subject: [PATCH 122/129] cluster/dht: Prevent use after free bug

        Backport of http://review.gluster.org/11209

BUG: 1233046
Change-Id: If3685c9ed84a6720d8696d11773005e9786b503f
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/50997
Reviewed-by: Raghavendra Gowdappa <rgowdapp@redhat.com>
Tested-by: Raghavendra Gowdappa <rgowdapp@redhat.com>
---
 xlators/cluster/dht/src/dht-helper.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/xlators/cluster/dht/src/dht-helper.c b/xlators/cluster/dht/src/dht-helper.c
index ac2f794..f24c62c 100644
--- a/xlators/cluster/dht/src/dht-helper.c
+++ b/xlators/cluster/dht/src/dht-helper.c
@@ -1577,6 +1577,8 @@ dht_unlock_inodelk (call_frame_t *frame, dht_lock_t **lk_array, int lk_count,
                                    local->lock.locks[i]->domain,
                                    &local->lock.locks[i]->loc, F_SETLK,
                                    &flock, NULL);
+                if (!--call_cnt)
+                        break;
         }
 
         return 0;
@@ -1666,7 +1668,7 @@ dht_nonblocking_inodelk (call_frame_t *frame, dht_lock_t **lk_array,
 
         local->call_cnt = lk_count;
 
-        for (i = 0; i < local->lock.lk_count; i++) {
+        for (i = 0; i < lk_count; i++) {
                 flock.l_type = local->lock.locks[i]->type;
 
                 STACK_WIND_COOKIE (lock_frame, dht_nonblocking_inodelk_cbk,
-- 
1.7.1