virNetSocketRemoveIOCallback get sock's ObjectLock and will call virNetSocketEventFree. virNetSocketEventFree may be free sock object and virNetSocketRemoveIOCallback will access a null pointer in release sock's ObjectLock.
Signed-off-by: Liu Yun <[email protected]> Signed-off-by: Peng Hao <[email protected]> --- src/rpc/virnetsocket.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c index d228c8a..8b550e8 100644 --- a/src/rpc/virnetsocket.c +++ b/src/rpc/virnetsocket.c @@ -2140,14 +2140,12 @@ static void virNetSocketEventFree(void *opaque) virFreeCallback ff; void *eopaque; - virObjectLock(sock); ff = sock->ff; eopaque = sock->opaque; sock->func = NULL; sock->ff = NULL; sock->opaque = NULL; - virObjectUnlock(sock); - + if (ff) ff(eopaque); @@ -2207,6 +2205,7 @@ void virNetSocketUpdateIOCallback(virNetSocketPtr sock, void virNetSocketRemoveIOCallback(virNetSocketPtr sock) { + virObjectRef(sock); virObjectLock(sock); if (sock->watch < 0) { @@ -2220,6 +2219,7 @@ void virNetSocketRemoveIOCallback(virNetSocketPtr sock) sock->watch = -1; virObjectUnlock(sock); + virObjectRef(sock); } void virNetSocketClose(virNetSocketPtr sock) -- 1.8.3.1 -- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
