osdc: Update CB_ObjectOperation_decodevals and CB_ObjectOperation_decodekeys to persi...

The callback object would create a local variable then save the address of the
local variable in the object which will later be referenced. This leads
to access stack memory that is no longer in scope,
possibly not even in the same thread.

Fixes: https://tracker.ceph.com/issues/72403
Signed-off-by: Edwin Rodriguez <edwin.rodriguez1@ibm.com>

diff --git a/src/osdc/Objecter.h b/src/osdc/Objecter.h
index 509c5ed7a319f83c9e38996aed23497d26df5399..75ddcc9989be921880de0ccc77b9814bef2c9646 100644 (file)
--- a/src/osdc/Objecter.h
+++ b/src/osdc/Objecter.h
@@ -674,6 +674,7 @@ struct ObjectOperation {
   struct CB_ObjectOperation_decodevals {
     uint64_t max_entries;
     Vals* pattrs;
+    Vals ignore;
     bool* ptruncated;
     int* prval;
     boost::system::error_code* pec;
@@ -692,7 +693,6 @@ struct ObjectOperation {
          if (pattrs)
            decode(*pattrs, p);
          if (ptruncated) {
-           Vals ignore;
            if (!pattrs) {
              decode(ignore, p);
              pattrs = &ignore;
@@ -719,6 +719,7 @@ struct ObjectOperation {
   struct CB_ObjectOperation_decodekeys {
     uint64_t max_entries;
     Keys* pattrs;
+    Keys ignore;
     bool *ptruncated;
     int *prval;
     boost::system::error_code* pec;
@@ -737,7 +738,6 @@ struct ObjectOperation {
          if (pattrs)
            decode(*pattrs, p);
          if (ptruncated) {
-           Keys ignore;
            if (!pattrs) {
              decode(ignore, p);
              pattrs = &ignore;