--------------------- PatchSet 11180 Date: 2007/01/23 17:42:06 Author: wessels Branch: HEAD Tag: (none) Log: Bug #1877 diskd bug in storeDiskdIOCallback() The logic in storeDiskdIOCallback() is slightly wrong because it calls cbdataUnlock(ptr) before calling callback(ptr). The ptr's lock count could become zero during unlock, which would free the memory before making the callback. This bug can result in the following assertion in cbdataValid(): assertion failed: cbdata.c:275: "c->locks > 0" This patch reverses the order of unlock and callback calls Members: src/fs/diskd/store_io_diskd.c:1.33->1.34
Index: squid/src/fs/diskd/store_io_diskd.c
===================================================================
RCS file: /cvsroot/squid/squid/src/fs/diskd/store_io_diskd.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- squid/src/fs/diskd/store_io_diskd.c 5 Nov 2006 21:14:36 -0000 1.33
+++ squid/src/fs/diskd/store_io_diskd.c 23 Jan 2007 17:42:06 -0000 1.34
@@ -1,6 +1,6 @@
 /*
- * $Id: store_io_diskd.c,v 1.33 2006/11/05 21:14:36 hno Exp $
+ * $Id: store_io_diskd.c,v 1.34 2007/01/23 17:42:06 wessels Exp $
 *
 * DEBUG: section 79 Squid-side DISKD I/O functions.
 * AUTHOR: Duane Wessels
@@ -468,11 +468,11 @@
 static void
 storeDiskdIOCallback(storeIOState * sio, int errflag)
 {
- int valid = cbdataValid(sio->callback_data);
- debug(79, 3) ("storeDiskdIOCallback: errflag=%d\n", errflag);
- cbdataUnlock(sio->callback_data);
- if (valid)
- sio->callback(sio->callback_data, errflag, sio);
+ void *p = sio->callback_data;
+ debug(79, 3) ("storeUfsIOCallback: errflag=%d\n", errflag);
+ if (cbdataValid(p))
+ sio->callback(p, errflag, sio);
+ cbdataUnlock(p);
 cbdataFree(sio);
 }
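Review bot: The debug label in the second hunk now reads `storeUfsIOCallback` although the function is storeDiskdIOCallback, which looks like a line carried over from another store module and will misattribute section 79 log output when this path is traced; keep `debug(79, 3) ("storeDiskdIOCallback: errflag=%d\n", errflag);`. The fix also depends on the lock being held across the callback, and nothing in the new body records that, so a later cleanup could move the unlock back up. I would add above the final unlock `/* hold our lock on p until the callback returns; unlocking first can free p (Bug #1877) */`.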