ZOOKEEPER-4809: Fix do_completion use-after-free when log level is debug

The log callback needs to be obtained from freed zh when the log level is debug, resulting in used-after-free.
apache · Feb 20, 2024 · b332c1f · b332c1f
1 parent 7074448
commit b332c1f
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/zookeeper-client/zookeeper-client-c/src/mt_adaptor.c b/zookeeper-client/zookeeper-client-c/src/mt_adaptor.c
@@ -468,6 +468,7 @@ void *do_completion(void *v)
 #endif
 {
     zhandle_t *zh = v;
+    log_callback_fn fn;
     api_prolog(zh);
     notify_thread_ready(zh);
     LOG_DEBUG(LOGCALLBACK(zh), "started completion thread");
@@ -479,8 +480,9 @@ void *do_completion(void *v)
         pthread_mutex_unlock(&zh->completions_to_process.lock);
         process_completions(zh);
     }
-    api_epilog(zh, 0);    
-    LOG_DEBUG(LOGCALLBACK(zh), "completion thread terminated");
+    fn = LOGCALLBACK(zh);
+    api_epilog(zh, 0);
+    LOG_DEBUG(fn, "completion thread terminated");
     return 0;
 }