ka maybe have been freeed in virObjectUnref, application using
virKeepAliveTimer will segfault when unlock ka. We should keep
ka's refs positive before using it.
Signed-off-by: Yi Wang <wang.yi59@xxxxxxxxxx>
---
src/rpc/virkeepalive.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/rpc/virkeepalive.c b/src/rpc/virkeepalive.c
index c9faf88..4f666fd 100644
--- a/src/rpc/virkeepalive.c
+++ b/src/rpc/virkeepalive.c
@@ -160,17 +160,17 @@ virKeepAliveTimer(int timer ATTRIBUTE_UNUSED, void *opaque)
bool dead;
void *client;
+ virObjectRef(ka);
virObjectLock(ka);
client = ka->client;
dead = virKeepAliveTimerInternal(ka, &msg);
+ virObjectUnlock(ka);
+
if (!dead && !msg)
goto cleanup;
- virObjectRef(ka);
- virObjectUnlock(ka);
-
if (dead) {
ka->deadCB(client);
} else if (ka->sendCB(client, msg) < 0) {
@@ -178,11 +178,8 @@ virKeepAliveTimer(int timer ATTRIBUTE_UNUSED, void *opaque)
virNetMessageFree(msg);
}
- virObjectLock(ka);
- virObjectUnref(ka);
-
cleanup:
- virObjectUnlock(ka);
+ virObjectUnref(ka);
}
--
1.8.3.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
