From: Wouter Wijngaards Date: Thu, 15 Mar 2018 13:32:19 +0000 (+0000) Subject: - Fix #3817: core dump happens in libunbound delete, when queued X-Git-Tag: release-1.7.1rc1~77 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=59935375a37f11bddb975e98f85b3205086a4133;p=thirdparty%2Funbound.git - Fix #3817: core dump happens in libunbound delete, when queued servfail hits deleted message queue. git-svn-id: file:///svn/unbound/trunk@4587 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 0d0123f93..6432a3471 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,8 @@ And unbound should be built with both --enable-cachedb and --with-libhiredis[=PATH] (where $PATH/include/hiredis/hiredis.h should exist). Patch from Jinmei Tatuya (Infoblox). + - Fix #3817: core dump happens in libunbound delete, when queued + servfail hits deleted message queue. 13 March 2018: Wouter - Fix typo in documentation. diff --git a/libunbound/libworker.c b/libunbound/libworker.c index 2c7b2cf07..155f987de 100644 --- a/libunbound/libworker.c +++ b/libunbound/libworker.c @@ -365,6 +365,7 @@ libworker_dobg(void* arg) /* cleanup */ m = UB_LIBCMD_QUIT; + w->want_quit = 1; tube_remove_bg_listen(w->ctx->qq_pipe); tube_remove_bg_write(w->ctx->rr_pipe); libworker_delete(w); @@ -713,6 +714,10 @@ add_bg_result(struct libworker* w, struct ctx_query* q, sldns_buffer* pkt, uint8_t* msg = NULL; uint32_t len = 0; + if(w->want_quit) { + context_query_delete(q); + return; + } /* serialize and delete unneeded q */ if(w->is_bg_thread) { lock_basic_lock(&w->ctx->cfglock); diff --git a/libunbound/libworker.h b/libunbound/libworker.h index b546e89f2..42aa5bae3 100644 --- a/libunbound/libworker.h +++ b/libunbound/libworker.h @@ -75,6 +75,8 @@ struct libworker { int is_bg; /** is this a bg worker that is threaded (not forked)? */ int is_bg_thread; + /** want to quit, stop handling new content */ + int want_quit; /** copy of the module environment with worker local entries. */ struct module_env* env; diff --git a/util/tube.c b/util/tube.c index f42d22cb3..dc6e3c2e7 100644 --- a/util/tube.c +++ b/util/tube.c @@ -454,8 +454,9 @@ int tube_setup_bg_write(struct tube* tube, struct comm_base* base) int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len) { - struct tube_res_list* item = - (struct tube_res_list*)malloc(sizeof(*item)); + struct tube_res_list* item; + if(!tube || !tube->res_com) return 0; + item = (struct tube_res_list*)malloc(sizeof(*item)); if(!item) { free(msg); log_err("out of memory for async answer"); @@ -687,8 +688,9 @@ int tube_setup_bg_write(struct tube* ATTR_UNUSED(tube), int tube_queue_item(struct tube* tube, uint8_t* msg, size_t len) { - struct tube_res_list* item = - (struct tube_res_list*)malloc(sizeof(*item)); + struct tube_res_list* item; + if(!tube) return 0; + item = (struct tube_res_list*)malloc(sizeof(*item)); verbose(VERB_ALGO, "tube queue_item len %d", (int)len); if(!item) { free(msg);