From: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@cern.ch>
Date: Fri, 21 May 2021 15:05:24 +0000 (+0200)
Subject: rbd-mirror: fix segfault in snapshot replayer shutdown
X-Git-Tag: v17.1.0~1873^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=3bc07f6ce06151d96949becb2be423cfabf01429;p=ceph.git

rbd-mirror: fix segfault in snapshot replayer shutdown

If an error arises in the init flow of the snapshot replayer and the
function returns before the call on `register_local_update_watcher`
the value of `m_update_watch_ctx` will not be initialized. Therefore,
on the shutdown phase, the replayer will try to free this pointer
and segfault.

This commit fixes this issue by setting `m_update_watch_ctx` to
`nullptr`.

Fixes: https://tracker.ceph.com/issues/50931
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@cern.ch>
---

diff --git a/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.h b/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.h
index 170d3c1d0cc81..c2c28171f87dc 100644
--- a/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.h
+++ b/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.h
@@ -211,7 +211,7 @@ private:
   int m_error_code = 0;
   std::string m_error_description;
 
-  C_UpdateWatchCtx* m_update_watch_ctx;
+  C_UpdateWatchCtx* m_update_watch_ctx = nullptr;
   uint64_t m_local_update_watcher_handle = 0;
   uint64_t m_remote_update_watcher_handle = 0;
   bool m_image_updated = false;