From 633498ff40c5876607a7c4b0ccd23d13374373ab Mon Sep 17 00:00:00 2001
Message-Id: <633498ff40c5876607a7c4b0ccd23d13374373ab@dist-git>
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 20 Mar 2014 00:06:19 -0600
Subject: [PATCH] nwfilter: Fix double free of pointer
https://bugzilla.redhat.com/show_bug.cgi?id=1071181
Commit 49b59a15 fixed one problem but masks another one related to pointer
freeing.
Avoid putting of the virNWFilterSnoopReq once the thread has been started.
It belongs to the thread and the thread will call virNWFilterSnoopReqPut() on it.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
(cherry picked from commit 963dcf905c5ee0358d6b0b74b124ff340cbbbd2b)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/nwfilter/nwfilter_dhcpsnoop.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
index e7dd4fa..caa453f 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
@@ -1598,6 +1598,7 @@ virNWFilterDHCPSnoopReq(virNWFilterTechDriverPtr techdriver,
int tmp;
virThread thread;
virNWFilterVarValuePtr dhcpsrvrs;
+ bool threadPuts = false;
virNWFilterSnoopIFKeyFMT(ifkey, vmuuid, macaddr);
@@ -1691,6 +1692,8 @@ virNWFilterDHCPSnoopReq(virNWFilterTechDriverPtr techdriver,
goto exit_snoopreq_unlock;
}
+ threadPuts = true;
+
virAtomicIntInc(&virNWFilterSnoopState.nThreads);
req->threadkey = virNWFilterSnoopActivate(req);
@@ -1730,7 +1733,8 @@ exit_rem_ifnametokey:
exit_snoopunlock:
virNWFilterSnoopUnlock();
exit_snoopreqput:
- virNWFilterSnoopReqPut(req);
+ if (!threadPuts)
+ virNWFilterSnoopReqPut(req);
return -1;
}
--
1.9.1