One uninitialized read in dcb_set_state_nomutex. One read of freed memory in dcb_process_zombies.

The former may have affected on the program behavior. The latter left in many cases fds open and dcbs not freed for real.
2013-09-12 10:00:55 +03:00
parent 092795d95b
commit 33fc1737d5
1 changed files with 5 additions and 4 deletions
--- a/server/core/dcb.c
+++ b/server/core/dcb.c
@ -384,6 +384,7 @@ bool    succp = false;
        dcb = dcb_list;

        while (dcb != NULL) {
+		DCB* dcb_next = NULL;
                /**
                 * Close file descriptor and move to clean-up phase.
                 */
@ -391,8 +392,9 @@ bool    succp = false;
                ss_debug(dcb->fd = 0;)
                succp = dcb_set_state(dcb, DCB_STATE_DISCONNECTED, NULL);
                ss_dassert(succp);
+		dcb_next = dcb->memdata.next;
                dcb_final_free(dcb);
-                dcb = dcb->memdata.next;
+                dcb = dcb_next;
        }
 }

@ -982,7 +984,7 @@ static bool dcb_set_state_nomutex(
        const dcb_state_t new_state,
        dcb_state_t*      old_state)
 {
-        bool        succp;
+        bool        succp = false;
        dcb_state_t state = DCB_STATE_UNDEFINED;
        
        CHK_DCB(dcb);
@ -1016,7 +1018,6 @@ static bool dcb_set_state_nomutex(
        case DCB_STATE_POLLING:
                switch(new_state) {
                case DCB_STATE_NOPOLLING:
-                case DCB_STATE_LISTENING:
                        dcb->state = new_state;
                        succp = true;
                        break;
@ -1028,7 +1029,7 @@ static bool dcb_set_state_nomutex(

        case DCB_STATE_LISTENING:
                switch(new_state) {
-                case DCB_STATE_POLLING:
+                case DCB_STATE_NOPOLLING:
                        dcb->state = new_state;
                        succp = true;
                        break;