[4.1] 23dcf55 Deref the objcore before switching to synth on error.
PÃ¥l Hermunn Johansen
hermunn at varnish-software.com
Mon Dec 18 09:23:10 UTC 2017
commit 23dcf55bdf6a24cd98f88863b1003b44327a7833
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date: Fri Nov 24 13:54:01 2017 +0100
Deref the objcore before switching to synth on error.
Also add asserts for the references held in req->objcore and
req->stale_oc.
The test case for #1807 catches this bug after adding the asserts.
Fixes: #2502
diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c
index a6c4c0b..46e7765 100644
--- a/bin/varnishd/cache/cache_req_fsm.c
+++ b/bin/varnishd/cache/cache_req_fsm.c
@@ -121,6 +121,7 @@ cnt_deliver(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
CHECK_OBJ_NOTNULL(req->objcore, OBJCORE_MAGIC);
CHECK_OBJ_NOTNULL(req->objcore->objhead, OBJHEAD_MAGIC);
+ AZ(req->stale_oc);
AN(req->vcl);
assert(req->objcore->refcnt > 0);
@@ -131,6 +132,7 @@ cnt_deliver(struct worker *wrk, struct req *req)
HTTP_Setup(req->resp, req->ws, req->vsl, SLT_RespMethod);
if (HTTP_Decode(req->resp,
ObjGetattr(req->wrk, req->objcore, OA_HEADERS, NULL))) {
+ (void)HSH_DerefObjCore(wrk, &req->objcore);
req->err_code = 500;
req->req_step = R_STP_SYNTH;
return (REQ_FSM_MORE);
@@ -225,6 +227,8 @@ cnt_deliver(struct worker *wrk, struct req *req)
(void)HSH_DerefObjCore(wrk, &req->objcore);
http_Teardown(req->resp);
+ AZ(req->objcore);
+ AZ(req->stale_oc);
return (REQ_FSM_DONE);
}
@@ -244,6 +248,9 @@ cnt_synth(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
+ AZ(req->objcore);
+ AZ(req->stale_oc);
+
wrk->stats->s_synth++;
now = W_TIM_real(wrk);
@@ -327,6 +334,7 @@ cnt_fetch(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
CHECK_OBJ_NOTNULL(req->objcore, OBJCORE_MAGIC);
+ AZ(req->stale_oc);
wrk->stats->s_fetch++;
(void)VRB_Ignore(req);
@@ -358,6 +366,7 @@ cnt_lookup(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
AZ(req->objcore);
+ AZ(req->stale_oc);
AN(req->vcl);
@@ -500,6 +509,7 @@ cnt_miss(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
AN(req->vcl);
CHECK_OBJ_NOTNULL(req->objcore, OBJCORE_MAGIC);
+ CHECK_OBJ_ORNULL(req->stale_oc, OBJCORE_MAGIC);
VCL_miss_method(req->vcl, wrk, req, NULL, NULL);
switch (wrk->handling) {
@@ -541,6 +551,7 @@ cnt_pass(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
AN(req->vcl);
AZ(req->objcore);
+ AZ(req->stale_oc);
VCL_pass_method(req->vcl, wrk, req, NULL, NULL);
switch (wrk->handling) {
@@ -574,6 +585,8 @@ cnt_pipe(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
+ AZ(req->objcore);
+ AZ(req->stale_oc);
AN(req->vcl);
wrk->stats->s_pipe++;
@@ -615,6 +628,8 @@ cnt_restart(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
+ AZ(req->objcore);
+ AZ(req->stale_oc);
req->director_hint = NULL;
if (++req->restarts >= cache_param->max_restarts) {
@@ -652,6 +667,7 @@ cnt_recv(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
AN(req->vcl);
AZ(req->objcore);
+ AZ(req->stale_oc);
AZ(req->err_code);
AZ(isnan(req->t_first));
@@ -762,6 +778,7 @@ cnt_purge(struct worker *wrk, struct req *req)
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
AZ(req->objcore);
+ AZ(req->stale_oc);
AN(req->vcl);
More information about the varnish-commit
mailing list