Ever since commit 199a5bcfb56bba218e56bdf5a527030a523654e3 there appears to be a bug that can trigger nbd-server crashes, at least when a HUP signal is sent to nbd-server.
In that commit, the SERVER is changed to a refcounted value and g_array_set_clear_func() is used to decrement the reference counter when the server array is freed. Unfortunately, the function passed to g_array_set_clear_func() receives a pointer to the array element, which is a *server (a SERVER **) and not a SERVER *, because each element of the array is itself a pointer to a SERVER.
Thus, serve_dec_ref() actually does random things when called through g_array_free(): it treats the element's address as a SERVER and decrements whatever it finds there. This rarely results in calling free(), but it can happen, and that crashes nbd-server.
See pull request https://github.com/NetworkBlockDevice/nbd/pull/142 for a fix. Another kind of fix would be possible, namely changing serve_dec_ref() to receive a **server, but this would require a few more changes to code elsewhere.
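To make the type mismatch concrete, here is an added example (not code from nbd or from the pull request) that models how a GArray clear function is invoked with the address of each element. GArray is replaced by a small stand-in so it builds without GLib, the SERVER struct is a constructed stub, and the buggy callback only records the pointer it received instead of dereferencing it as a SERVER.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-in for nbd-server's refcounted SERVER (constructed for this example). */
typedef struct {
    int refcnt;
    int freed;          /* set once the last reference is dropped */
} SERVER;

/* Per-object decrement: expects a SERVER *, "frees" at zero. */
static void serve_dec_ref(SERVER *s) {
    if (--s->refcnt == 0)
        s->freed = 1;   /* the real code would free(s) here */
}

/* Minimal model of g_array_set_clear_func()/g_array_free(): the clear function
 * is called with the ADDRESS of each element slot, so for an array of SERVER *
 * values it receives a SERVER **, never a SERVER *. */
typedef void (*clear_func_t)(void *element);

static void model_array_free(char *data, size_t elt_size, size_t n, clear_func_t clear) {
    for (size_t i = 0; i < n; i++)
        clear(data + i * elt_size);     /* pointer to the slot, not the slot's value */
}

/* Buggy shape: serve_dec_ref passed straight in as the clear function. We only
 * record the argument; the real code reinterprets it as a SERVER and corrupts it. */
static void *last_arg_seen;
static void buggy_clear(void *element) { last_arg_seen = element; }

/* Fixed shape: dereference the element slot first, then decrement. */
static void serve_dec_ref_clear(void *element) {
    serve_dec_ref(*(SERVER **)element);
}

/* Returns 1 if the buggy callback received the slot address instead of the SERVER. */
int buggy_callback_gets_wrong_pointer(void) {
    SERVER s = { .refcnt = 1, .freed = 0 };
    SERVER *arr[1] = { &s };
    model_array_free((char *)arr, sizeof arr[0], 1, buggy_clear);
    return last_arg_seen == (void *)&arr[0] && last_arg_seen != (void *)&s;
}

/* Returns the refcount left on the SERVER after freeing the array via the fixed
 * clear function; with initial_refs == 1 the object is also marked freed. */
int remaining_refs_after_array_free(int initial_refs) {
    SERVER s = { .refcnt = initial_refs, .freed = 0 };
    SERVER *arr[1] = { &s };
    model_array_free((char *)arr, sizeof arr[0], 1, serve_dec_ref_clear);
    return s.freed ? 0 : s.refcnt;
}
```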