From: Zhaolong Zhang Date: Mon, 17 Sep 2018 02:57:08 +0000 (-0700) Subject: Fix crash caused by race condition in timer creation X-Git-Tag: v9.13.4~142^2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=21966423cd7101a60ddfb3cf11f04f71c9fdd7b7;p=thirdparty%2Fbind9.git Fix crash caused by race condition in timer creation The race condition is the timer elapses before isc__timer_create() returns the pointer to the caller. Assigning the return pointer before enabling the timer will fix it.
---
diff --git a/lib/isc/timer.c b/lib/isc/timer.c
index 65b72b882be..628b9221e2f 100644
--- a/lib/isc/timer.c
+++ b/lib/isc/timer.c
@@ -398,8 +398,10 @@ isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
 result = schedule(timer, &now, true);
 else
 result = ISC_R_SUCCESS;
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
+ *timerp = (isc_timer_t *)timer;
 APPEND(manager->timers, timer, link);
+ }
 UNLOCK(&manager->lock);
@@ -412,8 +414,6 @@ isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
 return (result);
 }
- *timerp = (isc_timer_t *)timer;
-
 return (ISC_R_SUCCESS);
 }
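Review bot: The new `*timerp = (isc_timer_t *)timer;` in the first hunk sits after the `schedule(timer, &now, true)` call, so what closes the race is that the store happens before `UNLOCK(&manager->lock)`, not that it precedes arming the timer as the description puts it; nothing in the code records this. It presumably relies on the dispatch path taking `manager->lock` before it can post the timer event, which is not visible in this hunk and should be confirmed. I would add a comment above the assignment, e.g. `/* Publish *timerp under manager->lock: after UNLOCK the timer may fire and its action may use the caller's pointer. */`, so a later cleanup does not move the store back below the unlock and reintroduce the crash. isc__timer_create begins outside the hunk.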