From 1d69ceee0b8fac1f4451a75b6e4b14ee2d5d91dc Mon Sep 17 00:00:00 2001 From: Jeremy Kerr Date: Thu, 22 May 2014 18:42:33 +0800 Subject: [PATCH] discover: don't free cancelled load tasks Currently, we have a bug when a boot task with more than one load task is cancelled: 1) boot_cancel calls cleanup_cancellations, which performs a load_url_async_cancel on all load tasks. This sets the load tasks' states to LOAD_CANCELLED, and signals associated processes. 2) The first load task process completes, we get a load_url_process_exit callback. This then invokes cleanup_cancellations. 3) cleanup_cancellations then (incorrectly) frees the boot task (and hence freeing all pending load tasks) as no load tasks are in LOAD_ASYNC state (we set them all to LOAD_CANCELLED in step 1) 4) The actual completion for the second load task attempts to reference the now-freed task structure. This change fixes the issue by handling the LOAD_CANCELLED state properly - if we find a load task in this state, we consider the boot task still pending, and delay the free until all loads are complete. Signed-off-by: Jeremy Kerr --- discover/boot.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/discover/boot.c b/discover/boot.c index e5803a7..ce9c1e0 100644 --- a/discover/boot.c +++ b/discover/boot.c @@ -340,6 +340,11 @@ static void cleanup_cancellations(struct boot_task *task, } else if (result->status == LOAD_ASYNC) { load_url_async_cancel(result); pending = true; + + /* if we're waiting for a cancellation, we still need to + * wait for the completion before freeing the boot task */ + } else if (result->status == LOAD_CANCELLED) { + pending = true; } } -- 2.47.3
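Review bot: the new `pending = true` for LOAD_CANCELLED only avoids the use-after-free if the process-exit path later moves a cancelled result out of LOAD_CANCELLED (to a completed or failed status); nothing in this hunk changes the status, so if a signalled process never exits, or the exit callback leaves the status untouched, every call to cleanup_cancellations will keep reporting the boot task as pending and it is never freed (a leak rather than a crash, but worth confirming in load_url_process_exit before merging). Separately, the explanatory comment is placed inside the tail of the LOAD_ASYNC branch, above the `} else if`, which reads as if it describes the async-cancel case; moving it inside the new LOAD_CANCELLED branch, directly above `pending = true;`, would make the intent clearer.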