Skip to content

Commit

Permalink
fix use after free in handle_timeout_now_request
Browse files Browse the repository at this point in the history 
Closure maybe invoked before `elect_self`, which will free request and cause UAF.
  • Loading branch information
@BusyJay
BusyJay committed Aug 20, 2024
1 parent bc9fb05 commit b9e1293
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/braft/node.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1134,8 +1134,9 @@ void NodeImpl::handle_timeout_now_request(brpc::Controller* controller,
}
response->set_success(true);
// Parallelize Response and election
bool old_leader_stepped_down = request->old_leader_stepped_down();
run_closure_in_bthread(done_guard.release());
elect_self(&lck, request->old_leader_stepped_down());
elect_self(&lck, old_leader_stepped_down);
// Don't touch any mutable field after this point, it's likely out of the
// critical section
if (lck.owns_lock()) {
Expand Down

0 comments on commit b9e1293

Please sign in to comment.