From 811c5ebf920f6128aa9a113cd941f7b72f4abf75 Mon Sep 17 00:00:00 2001
From: Zhaolong Zhang
Date: Sun, 16 Sep 2018 19:57:08 -0700
Subject: [PATCH] Fix crash caused by race condition in timer creation

The race condition is the timer elapses before isc__timer_create() returns the pointer to the caller. Assigning the return pointer before enabling the timer will fix it.

(cherry picked from commit 21966423cd7101a60ddfb3cf11f04f71c9fdd7b7)
---
 lib/isc/timer.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/isc/timer.c b/lib/isc/timer.c
index 714ae591ac0..2baa9e6ea10 100644
--- a/lib/isc/timer.c
+++ b/lib/isc/timer.c
@@ -474,8 +474,10 @@ isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
 result = schedule(timer, &now, true);
 else
 result = ISC_R_SUCCESS;
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
+ *timerp = (isc_timer_t *)timer;
 APPEND(manager->timers, timer, link);
+ }
 UNLOCK(&manager->lock);
@@ -488,8 +490,6 @@ isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
 return (result);
 }
- *timerp = (isc_timer_t *)timer;
-
 return (ISC_R_SUCCESS);
 }
-- 
GitLab
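Review bot: The new position of `*timerp = (isc_timer_t *)timer;` inside the `manager->lock` critical section, ahead of `UNLOCK(&manager->lock)`, is what closes the race, but nothing in the code says so, and a later tidy-up could move the assignment back below the unlock and bring the crash back. I would add a comment above it such as `/* Set *timerp before dropping manager->lock: the timer may elapse before this function returns. */`. Since `schedule()` is still called earlier in the same critical section, the fix presumably relies on the timer not being dispatched while the manager lock is held; that assumption is worth stating in the same comment. The body of isc__timer_create() starts outside this hunk, and the matching removal of the old assignment is in the second hunk.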