From 21966423cd7101a60ddfb3cf11f04f71c9fdd7b7 Mon Sep 17 00:00:00 2001
From: Zhaolong Zhang
Date: Sun, 16 Sep 2018 19:57:08 -0700
Subject: [PATCH] Fix crash caused by race condition in timer creation

The race condition is the timer elapses before isc__timer_create() returns the pointer to the caller. Assigning the return pointer before enabling the timer will fix it.
---
 lib/isc/timer.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/isc/timer.c b/lib/isc/timer.c
index 65b72b882b..628b9221e2 100644
--- a/lib/isc/timer.c
+++ b/lib/isc/timer.c
@@ -398,8 +398,10 @@ isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
 result = schedule(timer, &now, true);
 else
 result = ISC_R_SUCCESS;
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS) {
+ *timerp = (isc_timer_t *)timer;
 APPEND(manager->timers, timer, link);
+ }
 UNLOCK(&manager->lock);
@@ -412,8 +414,6 @@ isc__timer_create(isc_timermgr_t *manager0, isc_timertype_t type,
 return (result);
 }
- *timerp = (isc_timer_t *)timer;
-
 return (ISC_R_SUCCESS);
 }
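Review bot: The added `*timerp = (isc_timer_t *)timer;` inside the `if (result == ISC_R_SUCCESS) {` block carries no comment saying why it must sit before `UNLOCK(&manager->lock)`, yet that ordering is the whole fix. A later cleanup could move the assignment back to the end of the function and bring back the crash described in the commit message. I would add above it `/* Publish the handle while manager->lock is held; the timer may fire as soon as the lock is dropped. */`. This presumes the dispatch path takes manager->lock before a timer can fire, which is not visible in this hunk; it is worth confirming, because `schedule(timer, &now, true)` still runs before the assignment. The start of isc__timer_create lies outside the hunk.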