From 8af6befd3a3805501e5c13612558241e60b349ba Mon Sep 17 00:00:00 2001 From: Garrett D'Amore Date: Sat, 7 Dec 2024 18:55:13 -0800 Subject: [PATCH] device: fixes for socket holds and leaking aio data The aio structures need to be finalized, and the sockets should be held until the device is totally finalized to prevent any possible use after free. --- src/core/device.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/core/device.c b/src/core/device.c index 7a6fb479d..815fafccc 100644 --- a/src/core/device.c +++ b/src/core/device.c @@ -51,6 +51,11 @@ device_fini(void *arg) for (int i = 0; i < d->num_paths; i++) { nni_aio_stop(&d->paths[i].aio); } + for (int i = 0; i < d->num_paths; i++) { + nni_aio_fini(&d->paths[i].aio); + } + nni_sock_rele(d->paths[0].src); + nni_sock_rele(d->paths[0].dst); NNI_FREE_STRUCT(d); } @@ -97,8 +102,6 @@ device_cb(void *arg) nni_aio_finish_error(d->user, d->rv); d->user = NULL; } - nni_sock_rele(d->paths[0].src); - nni_sock_rele(d->paths[0].dst); nni_reap(&device_reap, d); }