From 3d5cfee348e8556b222516bf57a3031788e7bac7 Mon Sep 17 00:00:00 2001
From: Johan Wikman
Date: Thu, 29 Sep 2016 09:34:35 +0300
Subject: [PATCH] housekeeper: Copy data to prevent access of freed data
---
 server/core/housekeeper.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/server/core/housekeeper.c b/server/core/housekeeper.c
index 1dff3ad7b..c9294eab7 100644
--- a/server/core/housekeeper.c
+++ b/server/core/housekeeper.c
@@ -275,11 +275,16 @@ hkthread(void *data)
 ptr->nextdue = now + ptr->frequency;
 taskfn = ptr->task;
 taskdata = ptr->data;
+ // We need to copy type and name, in case hktask_remove is called from
+ // the callback. Otherwise we will access freed data.
+ HKTASK_TYPE type = ptr->type;
+ char name[strlen(ptr->name) + 1];
+ strcpy(name, ptr->name);
 spinlock_release(&tasklock);
 (*taskfn)(taskdata);
- if (ptr->type == HK_ONESHOT)
+ if (type == HK_ONESHOT)
 {
- hktask_remove(ptr->name);
+ hktask_remove(name);
 }
 spinlock_acquire(&tasklock);
 ptr = tasks;
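Review bot: The copy `char name[strlen(ptr->name) + 1];` is a variable-length array whose size comes from the task name with no bound visible in this hunk, so the housekeeper thread's stack use depends on whatever length the registration path accepted. It is also taken for every due task while `tasklock` is held, although only `HK_ONESHOT` tasks use it. If names are not already length-limited where tasks are added (not visible here), I would enforce a limit there and record it next to the copy, e.g. `// name length is capped at registration, so this VLA stays small`. A second point to confirm: `hktask_remove(name)` now looks the task up by name after the callback has run, so a one-shot callback that removes itself and registers a new task under the same name would presumably have that new task removed too, depending on how `hktask_remove` matches entries. The body of `hkthread` starts and ends outside the hunk.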