* server/mpm_unix.c (ap_reclaim_child_processes, ap_relieve_child_processes):

  Fix use after free warning with gcc -fanalyzer.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892413 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/server/mpm_unix.c b/server/mpm_unix.c
index 8c4d233792d616d6d9244e47f1a628b26a12297e..ed4555ad0b43e3119985f12bd41ebb55337a46a2 100644 (file)
--- a/server/mpm_unix.c
+++ b/server/mpm_unix.c
@@ -259,10 +259,12 @@ AP_DECLARE(void) ap_reclaim_child_processes(int terminate,
         while (cur_extra) {
             ap_generation_t old_gen;
             extra_process_t *next = cur_extra->next;
+            pid_t pid = cur_extra->pid;
 
-            if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
-                if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
-                    mpm_callback(-1, cur_extra->pid, old_gen);
+            if (reclaim_one_pid(pid, action_table[cur_action].action)) {
+                if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
+                    /* cur_extra dangling pointer from here. */
+                    mpm_callback(-1, pid, old_gen);
                 }
                 else {
                     AP_DEBUG_ASSERT(1 == 0);
@@ -307,10 +309,12 @@ AP_DECLARE(void) ap_relieve_child_processes(ap_reclaim_callback_fn_t *mpm_callba
     while (cur_extra) {
         ap_generation_t old_gen;
         extra_process_t *next = cur_extra->next;
+        pid_t pid = cur_extra->pid;
 
-        if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
-            if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
-                mpm_callback(-1, cur_extra->pid, old_gen);
+        if (reclaim_one_pid(pid, DO_NOTHING)) {
+            if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
+                /* cur_extra dangling pointer from here. */
+                mpm_callback(-1, pid, old_gen);
             }
             else {
                 AP_DEBUG_ASSERT(1 == 0);