The callback object would create a local variable and then save the address of
that local variable in the object, which is referenced later. This leads
to accesses to stack memory that is no longer in scope,
possibly not even in the same thread.
Fixes: https://tracker.ceph.com/issues/72403
Signed-off-by: Edwin Rodriguez <edwin.rodriguez1@ibm.com>
struct CB_ObjectOperation_decodevals {
uint64_t max_entries;
Vals* pattrs;
+ Vals ignore;
bool* ptruncated;
int* prval;
boost::system::error_code* pec;
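Review bot: The new `Vals ignore;` member has no comment saying why it is a member rather than a local, so a later cleanup could move it back into operator() and reintroduce the stale stack pointer this commit removes. A one-line comment would cover it, e.g. `// scratch decode target when pattrs is null; must outlive operator() because pattrs may be pointed at it`. The same applies to `Keys ignore;` in CB_ObjectOperation_decodekeys. The struct definition continues outside the hunk.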
if (pattrs)
decode(*pattrs, p);
if (ptruncated) {
- Vals ignore;
if (!pattrs) {
decode(ignore, p);
pattrs = &ignore;
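Review bot: `pattrs = &ignore;` now stores a pointer to the handler's own member, so the object becomes self-referential after its first invocation. If the handler is copied or moved after that point (not visible here), an implicitly generated copy or move would carry a `pattrs` that still points into the source object. The CB_ObjectOperation_decodekeys hunk has the same pattern. Not writing to the member at all removes the hazard: choose the target in a local, e.g. `Vals* out = pattrs ? pattrs : &ignore;`, decode into `*out`, and leave `pattrs` as the caller set it. The enclosing operator() starts and ends outside the hunk, so any later reads of `pattrs` in it would need the same substitution.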
struct CB_ObjectOperation_decodekeys {
uint64_t max_entries;
Keys* pattrs;
+ Keys ignore;
bool *ptruncated;
int *prval;
boost::system::error_code* pec;
if (pattrs)
decode(*pattrs, p);
if (ptruncated) {
- Keys ignore;
if (!pattrs) {
decode(ignore, p);
pattrs = &ignore;