diff options
| author | Nikolaus Rath <Nikolaus@rath.org> | 2017-07-12 16:43:23 +0200 |
|---|---|---|
| committer | Nikolaus Rath <Nikolaus@rath.org> | 2017-07-12 16:45:17 +0200 |
| commit | 82766d1093daccc933bfcdae44d3634db61806fe (patch) | |
| tree | 1af965563e394eb5d08fc7c27576c500e9dc5a7c | |
| parent | 6f6491cd1362e00c353d1edc918ba187c4427411 (diff) | |
| download | sshfs-82766d1093daccc933bfcdae44d3634db61806fe.tar sshfs-82766d1093daccc933bfcdae44d3634db61806fe.tar.gz sshfs-82766d1093daccc933bfcdae44d3634db61806fe.tar.bz2 sshfs-82766d1093daccc933bfcdae44d3634db61806fe.zip | |
sftp_readdir_async(): don't access request when it may have been freed
Fixes: #7
| -rw-r--r-- | ChangeLog.rst | 6 | ||||
| -rw-r--r-- | sshfs.c | 7 |
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog.rst b/ChangeLog.rst index b1f7b79..606fa9d 100644 --- a/ChangeLog.rst +++ b/ChangeLog.rst @@ -1,3 +1,9 @@ +Unreleased Changes +------------------ + +* Fixed a crash due to a race condition when listing + directory contents. + Release 3.0.0 (2017-07-08) -------------------------- @@ -2073,11 +2073,16 @@ static int sftp_readdir_async(struct buffer *handle, void *buf, off_t offset, outstanding--; if (done) { + /* We need to cache want_reply, since processing + thread may free req right after unlock() if + want_reply == 0 */ + int want_reply; pthread_mutex_lock(&sshfs.lock); if (sshfs_req_pending(req)) req->want_reply = 0; + want_reply = req->want_reply; pthread_mutex_unlock(&sshfs.lock); - if (!req->want_reply) + if (!want_reply) continue; } |