From 8c879e7fd784e0f19659352b84daafb3c9faffaf Mon Sep 17 00:00:00 2001 From: Dan Hyde Date: Wed, 6 Jan 2010 10:49:39 -0500 Subject: [PATCH] volmonitor copy link before calling free Copy tt->next before TRELE(tt) calls free(tt). We have a core file from a VTRANS_OBJ_LOCK(tt) assert failure, with tt pointing into glibc's malloc data structures. (cherry picked from commit 81ca1e19600681a2c5696610130b9a39809bb1c1) Change-Id: I5ba81f9e3a76f52578ab3b9dec394b6d95b03934 Reviewed-on: http://gerrit.openafs.org/1586 Reviewed-by: Dan Hyde Tested-by: Dan Hyde Reviewed-by: Derrick Brashear (cherry picked from commit 0583af324ca2cbc556722b9e84d85cad49cfc622) --- src/volser/volprocs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/volser/volprocs.c b/src/volser/volprocs.c index 48cd7a0c3..bdf5ab1ef 100644 --- a/src/volser/volprocs.c +++ b/src/volser/volprocs.c @@ -2642,7 +2642,7 @@ VolMonitor(struct rx_call *acid, transDebugEntries *transInfo) { transDebugInfo *pntr; afs_int32 allocSize = 50; - struct volser_trans *tt, *allTrans; + struct volser_trans *tt, *nt, *allTrans; transInfo->transDebugEntries_val = (transDebugInfo *) malloc(allocSize * sizeof(transDebugInfo)); @@ -2655,8 +2655,9 @@ VolMonitor(struct rx_call *acid, transDebugEntries *transInfo) allTrans = TransList(); if (allTrans == (struct volser_trans *)0) goto done; /*no active transactions */ - for (tt = allTrans; tt; tt = tt->next) { /*copy relevant info into pntr */ + for (tt = allTrans; tt; tt = nt) { /*copy relevant info into pntr */ THOLD(tt); /* do not delete tt while copying info */ + nt = tt->next; VTRANS_UNLOCK; VTRANS_OBJ_LOCK(tt); pntr->tid = tt->tid; -- 2.39.5