From: Sage Weil
Date: Thu, 3 May 2018 13:45:09 +0000 (-0500)
Subject: osd/PG: fix uninit read in Incomplete::react(AdvMap&)
X-Git-Tag: v13.1.1~56^2~4^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F21798%2Fhead;p=ceph.git
osd/PG: fix uninit read in Incomplete::react(AdvMap&)
If a PG is incomplete when the pool is deleted we'll dereference invalid iterators here.
Fixes: http://tracker.ceph.com/issues/23980
Signed-off-by: Sage Weil
---
diff --git a/src/osd/PG.cc b/src/osd/PG.cc
index c490c47709d2..37e2bdbe7506 100644
--- a/src/osd/PG.cc
+++ b/src/osd/PG.cc
@@ -8959,7 +8959,8 @@ boost::statechart::result PG::RecoveryState::Incomplete::react(const AdvMap &adv
 int64_t poolnum = pg->info.pgid.pool();
 // Reset if min_size turn smaller than previous value, pg might now be able to go active
- if (advmap.lastmap->get_pools().find(poolnum)->second.min_size >
+ if (!advmap.osdmap->have_pg_pool(poolnum) ||
+ advmap.lastmap->get_pools().find(poolnum)->second.min_size >
 advmap.osdmap->get_pools().find(poolnum)->second.min_size) {
 post_event(advmap);
 return transit< Reset >();
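Review bot: The left-hand side of the comparison still dereferences `advmap.lastmap->get_pools().find(poolnum)` without an `end()` check, because the added `have_pg_pool` guard covers only the new map. The condition is therefore safe only if the pool is always present in `lastmap` whenever it is present in `osdmap`; that presumably holds for a PG that already exists, but nothing in the hunk shows it. It is worth stating above the condition, e.g. `// pool gone from the new map: reset; lastmap is assumed to still hold any pool that osdmap holds`. The existing comment also describes only the min_size case, while the new first operand sends a deleted pool down the same Reset path. The body of `Incomplete::react` begins and ends outside this hunk, so whether later code in the function reads the pool entry again cannot be checked from here.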