The more correct fix is to move the cbdataReferenceDoneValid call up
above where the aqe is cleared. One should not copy cbdata pointers
unless absolutely needed...
int valid;
...
valid = cbdataReferenceDoneValid(&aqe->callback_data, &cbdata);
...
if (valid) {
...
}
[full patch attached, applied to HEAD and 2.5]
Regards
Henrik
On Sunday 19 May 2002 13:54, Guido Serassio wrote:
> Hi Henrik,
>
> I'm working on porting COSS to WIN32.
> I have just found a fatal BUG in COSS:
> In the function a_file_callback() in async_io.c, the structure aqe
> is cleared before the call to cbdataReferenceValidDone(), so the
> cbdata pointer is invalid.
> The following can be a possible fix:
>
> Index: async_io.c
> ===================================================================
> RCS file: /cvsroot/squid/squid/src/fs/coss/async_io.c,v
> retrieving revision 1.3.26.1
> diff -u -p -r1.3.26.1 async_io.c
> --- async_io.c 17 Apr 2002 18:58:23 -0000 1.3.26.1
> +++ async_io.c 19 May 2002 11:53:07 -0000
> @@ -159,6 +159,7 @@ a_file_callback(async_queue_t * q)
> DWCB *wc;
> FREE *freefunc;
> void *cbdata;
> + void *callback_data;
> void *buf;
> int fd;
> async_queue_entry_t *aqe;
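Review bot: the new `void *callback_data;` local sits directly under `void *cbdata;`, and both are untyped pointers that end up as arguments to the same call later in the function, so they are easy to swap by mistake. If the saved copy stays, a name such as saved_callback_data would keep them apart; if the validity check is moved ahead of the clear, as the reply suggests, this local is not needed at all.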
> @@ -186,6 +187,7 @@ a_file_callback(async_queue_t * q)
> buf = aqe->aq_e_buf;
> fd = aqe->aq_e_fd;
> type = aqe->aq_e_type;
> + callback_data = aqe->aq_e_callback_data;
>
> /* Free slot */
> bzero(aqe, sizeof(async_queue_entry_t));
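Review bot: `callback_data = aqe->aq_e_callback_data;` takes a second raw copy of a referenced callback pointer immediately before `bzero(aqe, ...)` wipes the original, so from this point the outstanding reference is tracked only through a local variable. Calling cbdataReferenceValidDone on aqe->aq_e_callback_data before the "Free slot" block and keeping just its int result would avoid the copy and leave the slot as the single owner until it is released.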
> @@ -193,7 +195,7 @@ a_file_callback(async_queue_t * q)
> q->aq_numpending--;
>
> /* Callback */
> - if
> (cbdataReferenceValidDone(aqe->aq_e_callback_data, &cbdata)) {
> + if (cbdataReferenceValidDone(callback_data,
> &cbdata)) { if (type == AQ_ENTRY_READ)
> rc(fd, buf, retval, reterr, cbdata);
> if (type == AQ_ENTRY_WRITE)
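Review bot: both the removed and the added line are folded across two lines here (`- if` followed by an unprefixed `(cbdataReferenceValidDone(...`, and `&cbdata)) {` run together with `if (type == AQ_ENTRY_READ)`), so this hunk will not apply with patch as posted; resend it as an attachment or with line wrapping turned off. A one-line comment above the call noting that aqe has already been zeroed would also explain why the local is passed instead of the struct field.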
>
> Regards
>
> Guido
>
>
>
> -
> =======================================================
> Serassio Guido
> Via Albenga, 11/4 10134 -
> Torino - ITALY E-mail: guido.serassio@serassio.it
> WWW: http://www.serassio.it
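The ordering problem discussed in this thread, as an added example that is not part of either message or of Squid's source. cookie_t, entry_t and ref_done_valid are hypothetical stand-ins for cbdata, the aqe slot and the reference-release call, reduced to a counter and a validity flag.

```c
#include <string.h>

/* Simplified stand-in for a reference-counted callback cookie
 * (hypothetical model, not Squid's cbdata implementation). */
typedef struct { int refs; int valid; } cookie_t;

/* Constructed queue entry, loosely modelled on the aqe slot in the thread. */
typedef struct { int fd; cookie_t *callback_data; } entry_t;

/* Release the reference held in *slot, clear the slot, and return 1 with
 * *out set only if the object is still valid. Same call shape as the reply. */
static int ref_done_valid(cookie_t **slot, cookie_t **out)
{
    cookie_t *c = *slot;
    *slot = NULL;
    *out = NULL;
    if (c == NULL)
        return 0;              /* nothing referenced: no release, no callback */
    c->refs--;
    if (c->valid)
        *out = c;
    return c->valid;
}

/* Original ordering: the slot is zeroed first, so the check sees NULL,
 * the reference is never released and the callback is skipped. */
int complete_clear_first(entry_t *e)
{
    cookie_t *cb;
    memset(e, 0, sizeof(*e));
    return ref_done_valid(&e->callback_data, &cb);
}

/* Ordering from the reply: resolve validity while the slot is intact,
 * keep only the int, then free the slot. */
int complete_check_first(entry_t *e)
{
    cookie_t *cb;
    int valid = ref_done_valid(&e->callback_data, &cb);
    memset(e, 0, sizeof(*e));
    return valid && cb != NULL;
}
```

In this model the clear-first path leaves the cookie's reference count untouched, which is the leak and lost callback that checking before the clear avoids.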
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:15:28 MST