about summary refs log tree commit diff
path: root/src/aio
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-06-16 10:39:02 -0400
committerRich Felker <dalias@aerifal.cx>2013-06-16 10:39:02 -0400
commita494171a5a2778fc7b4d24d673d950f3e9864063 (patch)
treeb455cb07f90415da4f9307058a1ace8886fcbe9b /src/aio
parent8600849d74ddd1fca8eba467af5c04c18731ba49 (diff)
downloadmusl-a494171a5a2778fc7b4d24d673d950f3e9864063.tar.gz
musl-a494171a5a2778fc7b4d24d673d950f3e9864063.tar.xz
musl-a494171a5a2778fc7b4d24d673d950f3e9864063.zip
fix invalid access in aio notification
issue found and patch provided by Jens Gustedt. after the atomic store
to the error code field of the aiocb, the application is permitted to
free or reuse the storage, so further access is invalid. instead, use
the local copy that was already made.
Diffstat (limited to 'src/aio')
-rw-r--r--src/aio/aio_readwrite.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/aio/aio_readwrite.c b/src/aio/aio_readwrite.c
index e4c95aa2..666372db 100644
--- a/src/aio/aio_readwrite.c
+++ b/src/aio/aio_readwrite.c
@@ -51,7 +51,7 @@ static void *io_thread(void *p)
 
 	__aio_wake();
 
-	switch (cb->aio_sigevent.sigev_notify) {
+	switch (sev.sigev_notify) {
 	case SIGEV_SIGNAL:
 		notify_signal(&sev);
 		break;