avoid dereferencing a recently apr_pool_clear()'ed event_conn_state_t *cs

author Eric Covener <covener@apache.org>

Wed, 12 Nov 2014 17:32:24 +0000 (17:32 +0000)

committer Eric Covener <covener@apache.org>

Wed, 12 Nov 2014 17:32:24 +0000 (17:32 +0000)
author Eric Covener <covener@apache.org>
Wed, 12 Nov 2014 17:32:24 +0000 (17:32 +0000)
committer Eric Covener <covener@apache.org>
Wed, 12 Nov 2014 17:32:24 +0000 (17:32 +0000)
diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c

index 2003977b638a2fc80ce956c51dc70b8b2a5be463..692119ba156d12d4b1ae489960a3e74dbee47dec 100644 (file)
--- a/server/mpm/event/event.c
+++ b/server/mpm/event/event.c
@@ -852,6 +852,7 @@ static int start_lingering_close_common(event_conn_state_t *cs)
      rv = apr_pollset_add(event_pollset, &cs->pfd);
      apr_thread_mutex_unlock(timeout_mutex);
      if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) {
+        apr_pool_t *p = cs->p;
          ap_log_error(APLOG_MARK, APLOG_ERR, rv, ap_server_conf,
                       "start_lingering_close: apr_pollset_add failure");
          apr_thread_mutex_lock(timeout_mutex);
@@ -859,7 +860,7 @@ static int start_lingering_close_common(event_conn_state_t *cs)
          apr_thread_mutex_unlock(timeout_mutex);
          apr_socket_close(cs->pfd.desc.s);
          apr_pool_clear(cs->p);
-        ap_push_pool(worker_queue_info, cs->p);
+        ap_push_pool(worker_queue_info, p);
          return 0;
      }
      return 1;
@@ -876,8 +877,9 @@ static int start_lingering_close_common(event_conn_state_t *cs)
  static int start_lingering_close_blocking(event_conn_state_t *cs)
  {
      if (ap_start_lingering_close(cs->c)) {
+        apr_pool_t *p = cs->p;
          apr_pool_clear(cs->p);
-        ap_push_pool(worker_queue_info, cs->p);
+        ap_push_pool(worker_queue_info, p);
          return 0;
      }
      return start_lingering_close_common(cs);
@@ -919,6 +921,7 @@ static int stop_lingering_close(event_conn_state_t *cs)
  {
      apr_status_t rv;
      apr_socket_t *csd = ap_get_conn_socket(cs->c);
+    apr_pool_t *p = cs->p;
      ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, ap_server_conf,
                   "socket reached timeout in lingering-close state");
      rv = apr_socket_close(csd);
@@ -927,7 +930,7 @@ static int stop_lingering_close(event_conn_state_t *cs)
          AP_DEBUG_ASSERT(0);
      }
      apr_pool_clear(cs->p);
-    ap_push_pool(worker_queue_info, cs->p);
+    ap_push_pool(worker_queue_info, p);
      return 0;
  }
  
@@ -1351,6 +1354,7 @@ static apr_status_t push2worker(const apr_pollfd_t * pfd,
  
      rc = ap_queue_push(worker_queue, cs->pfd.desc.s, cs, cs->p);
      if (rc != APR_SUCCESS) {
+        apr_pool_t *p = cs->p;
          /* trash the connection; we couldn't queue the connected
           * socket to a worker
           */
@@ -1359,7 +1363,7 @@ static apr_status_t push2worker(const apr_pollfd_t * pfd,
          ap_log_error(APLOG_MARK, APLOG_CRIT, rc,
                       ap_server_conf, APLOGNO(00471) "push2worker: ap_queue_push failed");
          apr_pool_clear(cs->p);
-        ap_push_pool(worker_queue_info, cs->p);
+        ap_push_pool(worker_queue_info, p);
      }
  
      return rc;
@@ -1580,6 +1584,7 @@ static void process_lingering_close(event_conn_state_t *cs, const apr_pollfd_t *
      apr_size_t nbytes;
      apr_status_t rv;
      struct timeout_queue *q;
+    apr_pool_t *p = cs->p;
      q = (cs->pub.state == CONN_STATE_LINGER_SHORT) ?  &short_linger_q : &linger_q;
  
      /* socket is already in non-blocking state */
@@ -1604,7 +1609,7 @@ static void process_lingering_close(event_conn_state_t *cs, const apr_pollfd_t *
      TO_QUEUE_ELEM_INIT(cs);
  
      apr_pool_clear(cs->p);
-    ap_push_pool(worker_queue_info, cs->p);
+    ap_push_pool(worker_queue_info, p);
  }
  
  /* call 'func' for all elements of 'q' with timeout less than 'timeout_time'.
author	Eric Covener <covener@apache.org>
	Wed, 12 Nov 2014 17:32:24 +0000 (17:32 +0000)
committer	Eric Covener <covener@apache.org>
	Wed, 12 Nov 2014 17:32:24 +0000 (17:32 +0000)