Re: [PATCH 1/5] aio-posix: fix use after leaving scope in aio_poll()
From: Sergio Lopez
Subject: Re: [PATCH 1/5] aio-posix: fix use after leaving scope in aio_poll()
Date: Wed, 19 Feb 2020 08:02:35 +0100

On Fri, Feb 14, 2020 at 05:17:08PM +0000, Stefan Hajnoczi wrote:
> epoll_handler is a stack variable and must not be accessed after it goes
> out of scope:
>
>     if (aio_epoll_check_poll(ctx, pollfds, npfd, timeout)) {
>         AioHandler epoll_handler;
>         ...
>         add_pollfd(&epoll_handler);
>         ret = aio_epoll(ctx, pollfds, npfd, timeout);
>     } ...
>
>     ...
>
>     /* if we have any readable fds, dispatch event */
>     if (ret > 0) {
>         for (i = 0; i < npfd; i++) {
>             nodes[i]->pfd.revents = pollfds[i].revents;
>         }
>     }
>
> nodes[0] is &epoll_handler, which has already gone out of scope.
>
> There is no need to use pollfds[] for epoll. We don't need an
> AioHandler for the epoll fd.
>
> Signed-off-by: Stefan Hajnoczi <address@hidden>
> ---
> util/aio-posix.c | 20 ++++++++------------
> 1 file changed, 8 insertions(+), 12 deletions(-)
Reviewed-by: Sergio Lopez <address@hidden>
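
The bug class described in the quoted commit message, as an added example that is not part of the original thread and is not QEMU code: a slot array keeps the address of a block-scoped handler, and a later copy-back loop writes through it. `Handler`, `add_slot`, `copy_back`, `poll_buggy`, `poll_fixed` and the constructed readiness values are hypothetical; the fixed shape models "no handler for the special fd" in simplified form.

```c
/* Added illustration: simplified model with hypothetical names, not QEMU code. */
#include <stddef.h>

#define MAX_SLOTS 8
typedef struct { int fd; short revents; } Handler;

static Handler *nodes[MAX_SLOTS];  /* handler behind each poll slot */
static short ready[MAX_SLOTS];     /* stands in for pollfds[i].revents */
static size_t nslots;

static void add_slot(Handler *h) { nodes[nslots++] = h; }

/* Copy per-slot results back to the handlers, like the dispatch loop
 * quoted in the commit message. Returns the number of slots written. */
static int copy_back(void)
{
    for (size_t i = 0; i < nslots; i++) {
        nodes[i]->revents = ready[i];
    }
    return (int)nslots;
}

#ifdef DEMO_BUG /* build with -DDEMO_BUG -fsanitize=address, then call it */
int poll_buggy(void)
{
    nslots = 0;
    {
        Handler special = { .fd = 100 };  /* block-scoped, like epoll_handler */
        add_slot(&special);               /* nodes[0] = &special */
        ready[0] = 1;
    }                                     /* lifetime of 'special' ends here */
    return copy_back();                   /* writes through dangling nodes[0] */
}
#endif

/* Fixed shape: the special fd gets no slot, so nodes[] only ever holds
 * caller-owned handlers that outlive the call. */
int poll_fixed(Handler *hs, size_t n, int special_mode, int *special_ready)
{
    nslots = 0;
    *special_ready = 0;
    if (special_mode) {
        *special_ready = 1;               /* constructed: special fd fired */
    } else {
        for (size_t i = 0; i < n && i < MAX_SLOTS; i++) {
            add_slot(&hs[i]);
            ready[i] = (short)(i + 1);    /* constructed per-slot result */
        }
    }
    return copy_back();
}
```

With `DEMO_BUG` defined, AddressSanitizer in recent GCC and Clang reports the write in `copy_back()` as a stack-use-after-scope; without a sanitizer the write usually lands silently in reused stack memory.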