From af1f87b96d3cdcd897362dd21964ecee55e25e90 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 2 May 2006 20:32:37 +0000 Subject: [PATCH] ldap_pvt_runqueue_next_sched() may return a pointer to data that's freed by task run earlier (ITS#4517) --- include/ldap_rq.h | 2 +- libraries/libldap_r/rq.c | 10 +++------- servers/slapd/daemon.c | 10 +++++----- 3 files changed, 9 insertions(+), 13 deletions(-) diff --git a/include/ldap_rq.h b/include/ldap_rq.h index 3e124778c9..1e3aea16f1 100644 --- a/include/ldap_rq.h +++ b/include/ldap_rq.h @@ -63,7 +63,7 @@ ldap_pvt_runqueue_remove( LDAP_F( struct re_s* ) ldap_pvt_runqueue_next_sched( struct runqueue_s* rq, - struct timeval** next_run + struct timeval* next_run ); LDAP_F( void ) diff --git a/libraries/libldap_r/rq.c b/libraries/libldap_r/rq.c index 2ee0db6100..e692c628ed 100644 --- a/libraries/libldap_r/rq.c +++ b/libraries/libldap_r/rq.c @@ -99,20 +99,16 @@ ldap_pvt_runqueue_remove( struct re_s* ldap_pvt_runqueue_next_sched( struct runqueue_s* rq, - struct timeval** next_run + struct timeval* next_run ) { struct re_s* entry; entry = LDAP_STAILQ_FIRST( &rq->task_list ); - if ( entry == NULL ) { - *next_run = NULL; - return NULL; - } else if ( entry->next_sched.tv_sec == 0 ) { - *next_run = NULL; + if ( entry == NULL || entry->next_sched.tv_sec == 0 ) { return NULL; } else { - *next_run = &entry->next_sched; + *next_run = entry->next_sched; return entry; } } diff --git a/servers/slapd/daemon.c b/servers/slapd/daemon.c index 8d44358f4c..4e93170bc1 100644 --- a/servers/slapd/daemon.c +++ b/servers/slapd/daemon.c @@ -1729,7 +1729,7 @@ slapd_daemon_task( struct timeval tv; struct timeval *tvp; - struct timeval *cat; + struct timeval cat; time_t tdelta = 1; struct re_s* rtask; now = slap_get_time(); @@ -1810,7 +1810,7 @@ slapd_daemon_task( ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat ); - while ( cat && cat->tv_sec && cat->tv_sec <= now ) { + while ( rtask && cat.tv_sec && cat.tv_sec <= now ) { if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) { ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 ); } else { @@ -1818,15 +1818,15 @@ slapd_daemon_task( ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 ); ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); ldap_pvt_thread_pool_submit( &connection_pool, - rtask->routine, (void *) rtask ); + rtask->routine, (void *) rtask ); ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex ); } rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat ); } ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex ); - if ( cat && cat->tv_sec ) { - time_t diff = difftime( cat->tv_sec, now ); + if ( rtask && cat.tv_sec ) { + time_t diff = difftime( cat.tv_sec, now ); if ( diff == 0 ) diff = tdelta; if ( tvp == NULL || diff < tv.tv_sec ) { tv.tv_sec = diff;