
Changeset 66665 in vbox for trunk


Timestamp:
Apr 24, 2017 6:45:16 PM (8 years ago)
Author:
vboxsync
Message:

Storage/VD: Don't access any members of the I/O context after calling the completion handler if the I/O context is not going to be destroyed by the code calling the completion handler. Fixes crashes with synchronous I/O where the context lives on the stack and might no longer be valid once the completion handler has returned.

File:
1 edited

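--- a/trunk/src/VBox/Storage/VD.cpp
+++ b/trunk/src/VBox/Storage/VD.cpp
@@ -1452,6 +1452,10 @@
             LogFlowFunc(("Waiting I/O context completed pTmp=%#p\n", pTmp));
             vdThreadFinishWrite(pDisk);
+
+            bool fFreeCtx = RT_BOOL(!(pTmp->fFlags & VDIOCTX_FLAGS_DONT_FREE));
             vdIoCtxRootComplete(pDisk, pTmp);
-            vdIoCtxFree(pDisk, pTmp);
+
+            if (fFreeCtx)
+                vdIoCtxFree(pDisk, pTmp);
         }
     }
@@ -1507,6 +1511,9 @@
             LogFlowFunc(("Waiting I/O context completed pTmp=%#p\n", pTmp));
             vdThreadFinishWrite(pDisk);
+
+            bool fFreeCtx = RT_BOOL(!(pTmp->fFlags & VDIOCTX_FLAGS_DONT_FREE));
             vdIoCtxRootComplete(pDisk, pTmp);
-            vdIoCtxFree(pDisk, pTmp);
+            if (fFreeCtx)
+                vdIoCtxFree(pDisk, pTmp);
         }
     }
@@ -3352,4 +3359,5 @@
         {
             LogFlowFunc(("I/O context completed pIoCtx=%#p\n", pIoCtx));
+            bool fFreeCtx = RT_BOOL(!(pIoCtx->fFlags & VDIOCTX_FLAGS_DONT_FREE));
             if (pIoCtx->pIoCtxParent)
             {
@@ -3389,7 +3397,10 @@
                 {
                     LogFlowFunc(("Parent I/O context completed pIoCtxParent=%#p rcReq=%Rrc\n", pIoCtxParent, pIoCtxParent->rcReq));
+                    bool fFreeParentCtx = RT_BOOL(!(pIoCtxParent->fFlags & VDIOCTX_FLAGS_DONT_FREE));
                     vdIoCtxRootComplete(pDisk, pIoCtxParent);
                     vdThreadFinishWrite(pDisk);
-                    vdIoCtxFree(pDisk, pIoCtxParent);
+
+                    if (fFreeParentCtx)
+                        vdIoCtxFree(pDisk, pIoCtxParent);
                     vdDiskProcessBlockedIoCtx(pDisk);
                 }
@@ -3420,5 +3431,6 @@
             }
 
-            vdIoCtxFree(pDisk, pIoCtx);
+            if (fFreeCtx)
+                vdIoCtxFree(pDisk, pIoCtx);
         }
     }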
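Review bot: The new `bool fFreeCtx = …` / `bool fFreeParentCtx = …` lines at 1455, 1514, 3361 and 3399 carry the whole invariant of this fix, yet nothing in the code says why the flag has to be read before the completion call, so a later edit that moves the read back after `vdIoCtxRootComplete` would silently reintroduce the problem the commit message describes. I would put above the first one `/* Read the flag before completing: a context with VDIOCTX_FLAGS_DONT_FREE is owned by the caller (for synchronous I/O it lives on the caller's stack) and may no longer be valid once the completion handler returns. */` and a one-line pointer to it at the other three sites. The capture-complete-free sequence is spelled out verbatim in both waiting-context loops (1455-1459 and 1514-1517) and the two copies already differ by a blank line; a small static helper, or at least identical layout, would keep them from drifting apart. In the third file region `fFreeCtx` is read at 3361 but only consumed at 3433, so any change to `pIoCtx->fFlags` in the intervening parent-completion path is ignored, which I assume is intended since the context itself must not be touched after completion. Each hunk's enclosing function starts and ends outside the hunk.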
