From: Jason Dillaman <dillaman@redhat.com>
Date: Fri, 10 Jul 2020 14:16:42 +0000 (-0400)
Subject: common/Timer: fixed invalid read from deleted object
X-Git-Tag: v16.1.0~1685^2~21
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7f36144f8372d6fba159a6b621234517cb311fe0;p=ceph.git

common/Timer: fixed invalid read from deleted object

The std::conditional_variable will keep the provided reference and
repeatedly dereference it even after the lock was dropped and
re-acquired. This can lead to an invalid read if the associated
schedule entry has been removed while waiting.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
---

diff --git a/src/common/Timer.cc b/src/common/Timer.cc
index 39ad45319158..bf050e6395a4 100644
--- a/src/common/Timer.cc
+++ b/src/common/Timer.cc
@@ -107,7 +107,8 @@ void SafeTimer::timer_thread()
     if (schedule.empty()) {
       cond.wait(l);
     } else {
-      cond.wait_until(l, schedule.begin()->first);
+      auto when = schedule.begin()->first;
+      cond.wait_until(l, when);
     }
     ldout(cct,20) << "timer_thread awake" << dendl;
   }