From 48533240493c0dd970c926bbdb8939bb7d93cd14 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 6 Aug 2019 11:44:27 +0200
Subject: [SERVER] Fix: Client thread could destroy sendMutex while in use

Fix a race condition where the client thread tears down the client
struct including the sendMutex while the uplink thead is currently
holding the lock, trying to send data to the client.
---
 src/server/uplink.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/server/uplink.c')

diff --git a/src/server/uplink.c b/src/server/uplink.c
index aa5228c..f58b019 100644
--- a/src/server/uplink.c
+++ b/src/server/uplink.c
@@ -153,6 +153,9 @@ void uplink_removeClient(dnbd3_connection_t *uplink, dnbd3_client_t *client)
 	mutex_lock( &uplink->queueLock );
 	for (int i = uplink->queueLen - 1; i >= 0; --i) {
 		if ( uplink->queue[i].client == client ) {
+			// Make sure client doesn't get destroyed while we're sending it data
+			mutex_lock( &client->sendMutex );
+			mutex_unlock( &client->sendMutex );
 			uplink->queue[i].client = NULL;
 			uplink->queue[i].status = ULR_FREE;
 		}
-- 
cgit v1.2.3-55-g7522