From cc5d6bbbc5b7e78296f5245988b9ba947076a1b8 Mon Sep 17 00:00:00 2001
From: Nikolaus Rath
Date: Wed, 12 Jul 2017 16:43:23 +0200
Subject: sftp_readdir_async(): don't access request when it may have been freed
Fixes: #7
---
 ChangeLog.rst | 2 ++
 sshfs.c | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.rst b/ChangeLog.rst
index 49163cd..36ea132 100644
--- a/ChangeLog.rst
+++ b/ChangeLog.rst
@@ -1,6 +1,8 @@
 Unreleased Changes
 ------------------
+* Fixed a crash due to a race condition when listing
+ directory contents.
 * Added unit tests
 * Documented limited hardlink support.
 * Added support for building with Meson.
diff --git a/sshfs.c b/sshfs.c
index 567c9f8..14ac12f 100644
--- a/sshfs.c
+++ b/sshfs.c
@@ -2072,11 +2072,16 @@ static int sftp_readdir_async(struct buffer *handle, fuse_cache_dirh_t h,
 outstanding--;
 if (done) {
+ /* We need to cache want_reply, since processing
+ thread may free req right after unlock() if
+ want_reply == 0 */
+ int want_reply;
 pthread_mutex_lock(&sshfs.lock);
 if (sshfs_req_pending(req))
 req->want_reply = 0;
+ want_reply = req->want_reply;
 pthread_mutex_unlock(&sshfs.lock);
- if (!req->want_reply)
+ if (!want_reply)
 continue;
 }
--
cgit v1.2.3
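Review bot: The two dereferences of `req` that remain inside the critical section of the sshfs.c hunk, `sshfs_req_pending(req)` and `want_reply = req->want_reply;`, are safe only if the processing thread also tests `want_reply` and frees `req` while holding `sshfs.lock`. That code is outside this hunk, so the assumption should be confirmed against it. I would extend the new comment to state the ownership rule, for example `/* req->want_reply is only read or written under sshfs.lock; once it is 0 the processing thread owns req and may free it */`. Because the original defect was a use-after-free read that only shows up under a race, running the directory-listing tests under AddressSanitizer or ThreadSanitizer would help confirm that no other unlocked access to `req` is left in `sftp_readdir_async()`, whose body starts and ends outside the hunk.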