From 82766d1093daccc933bfcdae44d3634db61806fe Mon Sep 17 00:00:00 2001
From: Nikolaus Rath <Nikolaus@rath.org>
Date: Wed, 12 Jul 2017 16:43:23 +0200
Subject: sftp_readdir_async(): don't access request when it may have been
 freed

Fixes: #7
---
 sshfs.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'sshfs.c')

diff --git a/sshfs.c b/sshfs.c
index a20f727..f9ae9eb 100644
--- a/sshfs.c
+++ b/sshfs.c
@@ -2073,11 +2073,16 @@ static int sftp_readdir_async(struct buffer *handle, void *buf, off_t offset,
 			outstanding--;
 
 			if (done) {
+				/* We need to cache want_reply, since processing
+				   thread may free req right after unlock() if
+				   want_reply == 0 */
+				int want_reply;
 				pthread_mutex_lock(&sshfs.lock);
 				if (sshfs_req_pending(req))
 					req->want_reply = 0;
+				want_reply = req->want_reply;
 				pthread_mutex_unlock(&sshfs.lock);
-				if (!req->want_reply)
+				if (!want_reply)
 					continue;
 			}
 
-- 
cgit v1.2.3