From 0661fd6f7c66ae888b6fc253af6dd0514798eff5 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Fri, 26 Sep 2014 13:29:44 +0200
Subject: lib/nfs/FileReader: postpone the nfs_close_async() call

If an async opertion is in progress, nfs_close_async() will make
libnfs crash because the RPC callback will dereference an object that
was freed by nfs_close_async().
---
 src/lib/nfs/FileReader.cxx | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'src/lib/nfs/FileReader.cxx')

diff --git a/src/lib/nfs/FileReader.cxx b/src/lib/nfs/FileReader.cxx
index 52d951fa6..d2be46f8e 100644
--- a/src/lib/nfs/FileReader.cxx
+++ b/src/lib/nfs/FileReader.cxx
@@ -57,11 +57,18 @@ NfsFileReader::Close()
 
 	connection->RemoveLease(*this);
 
-	if (state > State::MOUNT && state != State::IDLE)
-		connection->Cancel(*this);
-
-	if (state > State::OPEN)
+	if (state == State::IDLE)
+		/* no async operation in progress: can close
+		   immediately */
 		connection->Close(fh);
+	else if (state > State::OPEN)
+		/* one async operation in progress: cancel it and
+		   defer the nfs_close_async() call */
+		connection->CancelAndClose(fh, *this);
+	else if (state > State::MOUNT)
+		/* we don't have a file handle yet - just cancel the
+		   async operation */
+		connection->Cancel(*this);
 
 	state = State::INITIAL;
 }
-- 
cgit v1.2.3