On Fri, Feb 14, 2020 at 05:17:08PM +0000, Stefan Hajnoczi wrote:
> epoll_handler is a stack variable and must not be accessed after it goes
> out of scope:
>
>     if (aio_epoll_check_poll(ctx, pollfds, npfd, timeout)) {
>         AioHandler epoll_handler;
>         ...
>         add_pollfd(&epoll_handler);
>         ret = aio_epoll(ctx, pollfds, npfd, timeout);
>     } ...
>
>     ...
>
>     /* if we have any readable fds, dispatch event */
>     if (ret > 0) {
>         for (i = 0; i < npfd; i++) {
>             nodes[i]->pfd.revents = pollfds[i].revents;
>         }
>     }
>
> nodes[0] is &epoll_handler, which has already gone out of scope.
>
> There is no need to use pollfds[] for epoll. We don't need an
> AioHandler for the epoll fd.
>
> Signed-off-by: Stefan Hajnoczi <[email protected]>
> ---
> util/aio-posix.c | 20 ++++++++------------
> 1 file changed, 8 insertions(+), 12 deletions(-)

Reviewed-by: Sergio Lopez <[email protected]>
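The lifetime bug described in the commit message, reduced to a stand-alone C sketch; this is an added example, not code from the patch or from QEMU. `Handler`, `register_scoped`, `poll_and_dispatch` and `demo_ready_events` are hypothetical names, and the safe variant (only caller-owned handlers ever enter `nodes[]`) is an assumption about the general shape of a fix, not the patch itself.

```c
#include <poll.h>
#include <unistd.h>

#define MAX_FDS 8

/* Hypothetical stand-in for AioHandler: only the pollfd member is modelled. */
typedef struct { struct pollfd pfd; } Handler;

static Handler *nodes[MAX_FDS];
static struct pollfd pollfds[MAX_FDS];
static unsigned npfd;

static void add_pollfd(Handler *h) {
    nodes[npfd] = h;            /* keeps the pointer, not a copy */
    pollfds[npfd] = h->pfd;
    npfd++;
}

/* Bug shape from the commit message (constructed reduction); never called. */
void register_scoped(int fd) {
    if (fd >= 0) {
        Handler scoped = { .pfd = { .fd = fd, .events = POLLIN } };
        add_pollfd(&scoped);
    }   /* 'scoped' is dead here, but nodes[npfd - 1] still points at it */
}

/* Safe shape: nodes[] only holds caller-owned handlers that outlive the
 * revents write-back loop. Returns poll()'s result. */
int poll_and_dispatch(Handler *handlers, unsigned n) {
    npfd = 0;
    for (unsigned i = 0; i < n && i < MAX_FDS; i++)
        add_pollfd(&handlers[i]);
    int ret = poll(pollfds, npfd, 0);
    if (ret > 0)
        for (unsigned i = 0; i < npfd; i++)
            nodes[i]->pfd.revents = pollfds[i].revents;
    return ret;
}

/* Constructed input: a pipe with one byte queued, so POLLIN is ready. */
int demo_ready_events(void) {
    int p[2];
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)
        return -1;
    Handler h = { .pfd = { .fd = p[0], .events = POLLIN } };
    int ret = poll_and_dispatch(&h, 1);
    close(p[0]);
    close(p[1]);
    return ret == 1 ? (h.pfd.revents & POLLIN) != 0 : -1;
}
```

Building the sketch with `-fsanitize=address` and calling `register_scoped()` followed by a write through `nodes[]` is one way to see the stack-use-after-scope report for the buggy shape.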
