ldap_pvt_runqueue_next_sched() may return a pointer to data that's freed by task run earlier (ITS#4517)

This commit is contained in:
Pierangelo Masarati 2006-05-02 20:32:37 +00:00
parent 608c85a9f0
commit af1f87b96d
3 changed files with 9 additions and 13 deletions

View File

@ -63,7 +63,7 @@ ldap_pvt_runqueue_remove(
LDAP_F( struct re_s* )
ldap_pvt_runqueue_next_sched(
struct runqueue_s* rq,
struct timeval** next_run
struct timeval* next_run
);
LDAP_F( void )

View File

@ -99,20 +99,16 @@ ldap_pvt_runqueue_remove(
struct re_s*
ldap_pvt_runqueue_next_sched(
struct runqueue_s* rq,
struct timeval** next_run
struct timeval* next_run
)
{
struct re_s* entry;
entry = LDAP_STAILQ_FIRST( &rq->task_list );
if ( entry == NULL ) {
*next_run = NULL;
return NULL;
} else if ( entry->next_sched.tv_sec == 0 ) {
*next_run = NULL;
if ( entry == NULL || entry->next_sched.tv_sec == 0 ) {
return NULL;
} else {
*next_run = &entry->next_sched;
*next_run = entry->next_sched;
return entry;
}
}

View File

@ -1729,7 +1729,7 @@ slapd_daemon_task(
struct timeval tv;
struct timeval *tvp;
struct timeval *cat;
struct timeval cat;
time_t tdelta = 1;
struct re_s* rtask;
now = slap_get_time();
@ -1810,7 +1810,7 @@ slapd_daemon_task(
ldap_pvt_thread_mutex_lock( &slapd_rq.rq_mutex );
rtask = ldap_pvt_runqueue_next_sched( &slapd_rq, &cat );
while ( cat && cat->tv_sec && cat->tv_sec <= now ) {
while ( rtask && cat.tv_sec && cat.tv_sec <= now ) {
if ( ldap_pvt_runqueue_isrunning( &slapd_rq, rtask )) {
ldap_pvt_runqueue_resched( &slapd_rq, rtask, 0 );
} else {
@ -1825,8 +1825,8 @@ slapd_daemon_task(
}
ldap_pvt_thread_mutex_unlock( &slapd_rq.rq_mutex );
if ( cat && cat->tv_sec ) {
time_t diff = difftime( cat->tv_sec, now );
if ( rtask && cat.tv_sec ) {
time_t diff = difftime( cat.tv_sec, now );
if ( diff == 0 ) diff = tdelta;
if ( tvp == NULL || diff < tv.tv_sec ) {
tv.tv_sec = diff;