Skip to content

Commit bc29b0a

Browse files
jiridanekjiridanek
committed
First pass through action_list must happen early
The actions on the list may deal with what is then freed: ``` 28: /home/travis/build/apache/qpid-dispatch/src/router_core/route_tables.c:530:17: runtime error: member access within null pointer of type 'struct qdr_node_t' 28: #0 0x3ff9628d5bd in qdr_set_cost_CT /home/travis/build/apache/qpid-dispatch/src/router_core/route_tables.c:530 28: #1 0x3ff9627e7cb in qdr_core_free /home/travis/build/apache/qpid-dispatch/src/router_core/router_core.c:251 28: #2 0x3ff962e13f9 in qd_router_free /home/travis/build/apache/qpid-dispatch/src/router_node.c:2160 28: #3 0x3ff9617979d in qd_dispatch_free /home/travis/build/apache/qpid-dispatch/src/dispatch.c:375 28: #4 0x3ff9617979d in qd_dispatch_free /home/travis/build/apache/qpid-dispatch/src/dispatch.c:363 28: #5 0x2aa23604fa9 in main_process /home/travis/build/apache/qpid-dispatch/router/src/main.c:119 28: #6 0x2aa23604a23 in main /home/travis/build/apache/qpid-dispatch/router/src/main.c:369 28: #7 0x3ff94faa5f9 in __libc_start_main (/lib/s390x-linux-gnu/libc.so.6+0x2a5f9) 28: #8 0x2aa23604d23 (/home/travis/build/apache/qpid-dispatch/build/router/qdrouterd+0x4d23) ```
1 parent dd4ccf4 commit bc29b0a

File tree

1 file changed

+25
-12
lines changed

1 file changed

+25
-12
lines changed

src/router_core/router_core.c

+25-12
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,19 @@ qdr_core_t *qdr_core(qd_dispatch_t *qd, qd_router_mode_t mode, const char *area,
131131
return core;
132132
}
133133

134+
static void discard_left_over_actions(qdr_core_t *core)
135+
{
136+
qdr_action_list_t action_list;
137+
DEQ_MOVE(core->action_list, action_list);
138+
DEQ_APPEND(action_list, core->action_list_background);
139+
qdr_action_t *action = DEQ_HEAD(action_list);
140+
while (action) {
141+
DEQ_REMOVE_HEAD(action_list);
142+
action->action_handler(core, action, true);
143+
free_qdr_action_t(action);
144+
action = DEQ_HEAD(action_list);
145+
}
146+
}
134147

135148
void qdr_core_free(qdr_core_t *core)
136149
{
@@ -152,6 +165,14 @@ void qdr_core_free(qdr_core_t *core)
152165
core->router_id = 0;
153166
core->router_area = 0;
154167

168+
//
169+
// discard any left over actions
170+
//
171+
172+
discard_left_over_actions(core);
173+
// Drain the general work lists
174+
qdr_general_handler(core);
175+
155176
//
156177
// Free the core resources
157178
//
@@ -240,19 +261,11 @@ void qdr_core_free(qdr_core_t *core)
240261
// this must happen after qdrc_endpoint_do_cleanup_CT calls
241262
qdr_modules_finalize(core);
242263

243-
// discard any left over actions
244-
245-
qdr_action_list_t action_list;
246-
DEQ_MOVE(core->action_list, action_list);
247-
DEQ_APPEND(action_list, core->action_list_background);
248-
qdr_action_t *action = DEQ_HEAD(action_list);
249-
while (action) {
250-
DEQ_REMOVE_HEAD(action_list);
251-
action->action_handler(core, action, true);
252-
free_qdr_action_t(action);
253-
action = DEQ_HEAD(action_list);
254-
}
264+
//
265+
// discard any left over actions (again)
266+
//
255267

268+
discard_left_over_actions(core);
256269
// Drain the general work lists
257270
qdr_general_handler(core);
258271

0 commit comments

Comments
 (0)