volmonitor copy link before calling free

Copy tt->next before TRELE(tt) calls free(tt).

We have a core file from a VTRANS_OBJ_LOCK(tt) assert failure, with tt
pointing into glibc's malloc data structures.

Change-Id: Id52b774520c59c224b58f5d507cc490dafea5ca1
Reviewed-on: http://gerrit.openafs.org/1069
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Thomas L. Kula <tkula@umich.edu>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Dan Hyde <drh@umich.edu>
Reviewed-by: Derrick Brashear <shadow@dementia.org>

diff --git a/src/volser/volprocs.c b/src/volser/volprocs.c
index 9afc8995ad12712510782c21d122cfc8df2e6d39..6ead0a5cc15573c76e069ab39ad44a1088e6c1b8 100644 (file)
--- a/src/volser/volprocs.c
+++ b/src/volser/volprocs.c
@@ -2701,7 +2701,7 @@ VolMonitor(struct rx_call *acid, transDebugEntries *transInfo)
 {
     transDebugInfo *pntr;
     afs_int32 allocSize = 50;
-    struct volser_trans *tt, *allTrans;
+    struct volser_trans *tt, *nt, *allTrans;
 
     transInfo->transDebugEntries_val =
        (transDebugInfo *) malloc(allocSize * sizeof(transDebugInfo));
@@ -2714,8 +2714,9 @@ VolMonitor(struct rx_call *acid, transDebugEntries *transInfo)
     allTrans = TransList();
     if (allTrans == (struct volser_trans *)0)
        goto done;              /*no active transactions */
-    for (tt = allTrans; tt; tt = tt->next) {   /*copy relevant info into pntr */
+    for (tt = allTrans; tt; tt = nt) { /*copy relevant info into pntr */
         THOLD(tt);  /* do not delete tt while copying info */
+       nt = tt->next;
         VTRANS_UNLOCK;
         VTRANS_OBJ_LOCK(tt);
        pntr->tid = tt->tid;