Re: trafficserver git commit: [TS-3949] Prevent active timeout event from firing after PluginVC is closed.

Mon, 28 Sep 2015 08:19:37 -0700 

Yeah, I agree - my main motivation behind adding the change is to not let the 
Assert fire from INKContInternal::handle_event. 
I've changed the title to "Ignore timeout event on close".
FWIW, similar code to ignore events on closed state, exists in 
PluginVC::process_write_side and PluginVC::process_read_side as well, so, this 
only makes it consistent, I suppose.
https://github.com/apache/trafficserver/blob/master/proxy/PluginVC.cc#L593

https://github.com/apache/trafficserver/blob/master/proxy/PluginVC.cc#L477

Thanks,
Sudheer

 


     On Sunday, September 27, 2015 6:20 PM, James Peach <jpe...@apache.org> 
wrote:
   

 
> On Sep 26, 2015, at 10:41 PM, sudhe...@apache.org wrote:
> 
> Repository: trafficserver
> Updated Branches:
>  refs/heads/master f9a6930fc -> ae9a343a9
> 
> 
> [TS-3949] Prevent active timeout event from firing
> after PluginVC is closed.
> 
> 
> Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
> Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ae9a343a
> Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ae9a343a
> Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ae9a343a
> 
> Branch: refs/heads/master
> Commit: ae9a343a9ba861240d938c3c47391e3de5011a25
> Parents: f9a6930
> Author: Sudheer Vinukonda <sudhe...@yahoo-inc.com>
> Authored: Sun Sep 27 05:41:10 2015 +0000
> Committer: Sudheer Vinukonda <sudhe...@yahoo-inc.com>
> Committed: Sun Sep 27 05:41:10 2015 +0000
> 
> ----------------------------------------------------------------------
> proxy/PluginVC.cc | 6 ++++++
> 1 file changed, 6 insertions(+)
> ----------------------------------------------------------------------
> 
> 
> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ae9a343a/proxy/PluginVC.cc
> ----------------------------------------------------------------------
> diff --git a/proxy/PluginVC.cc b/proxy/PluginVC.cc
> index d1072ad..fb29696 100644
> --- a/proxy/PluginVC.cc
> +++ b/proxy/PluginVC.cc
> @@ -743,6 +743,12 @@ PluginVC::process_timeout(Event **e, int event_to_send)
> {
>  ink_assert(*e == inactive_event || *e == active_event);
> 
> +  if (closed) {
> +    // already closed, ignore the timeout event
> +    // to avoid handle_event asserting use-after-free
> +    return;
> +  }

Then isn't reading PluginVC::closed also a use-after-free?

J

Reply via email to