mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-27 12:13:20 -04:00
isc__ratelimiter_tick() and isc_ratelimiter_shutdown() each pulled events out of rl->pending into a function-local list, dropped the mutex, and then iterated. ISC_LIST_APPEND leaves the link in the LINKED state, so a concurrent isc_ratelimiter_dequeue() saw an event as still queued, called ISC_LIST_UNLINK against rl->pending — which patched the prev/next of the local list — and freed the event before dispatch finished, producing either an INSIST in the unlink macro or a use-after-free in the dispatch loop.

isc_async_run() is a non-blocking wfcq enqueue, so there is no benefit to dropping the mutex around it. Unlink each event and hand it to isc_async_run() while still holding rl->lock; the existing ISC_LINK_LINKED check in dequeue then correctly distinguishes "still queued and cancellable" from "already taken".

Assisted-by: Claude:claude-opus-4-7

||
|---|---|---|
| dns | ||
| isc | ||
| isccc | ||
| isccfg | ||
| ns | ||
| .gitignore | ||
| meson.build | ||