From ce459d0c55c974e3792adea5e6455a554dc686f9 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Fri, 11 Aug 2017 12:15:29 -0700
Subject: Posix pollq fini is not properly idempotent. This creates a use-after-free bug if nni_fini() is run, then new sockets are created.
---
 src/platform/posix/posix_pollq_poll.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src')
diff --git a/src/platform/posix/posix_pollq_poll.c b/src/platform/posix/posix_pollq_poll.c
index 8f7aece5..d3fdf394 100644
--- a/src/platform/posix/posix_pollq_poll.c
+++ b/src/platform/posix/posix_pollq_poll.c
@@ -315,7 +315,6 @@ nni_posix_pollq_fini(nni_posix_pollq *pq)
 nni_plat_pipe_raise(pq->wakewfd);
 nni_mtx_unlock(&pq->mtx);
 }
- nni_thr_fini(&pq->thr);
 // All pipes should have been closed before this is called.
@@ -330,6 +329,8 @@ nni_posix_pollq_fini(nni_posix_pollq *pq)
 }
 if (pq->nfds != 0) {
 NNI_FREE_STRUCTS(pq->fds, pq->nfds);
+ pq->fds = NULL;
+ pq->nfds = 0;
 }
 nni_mtx_fini(&pq->mtx);
 }
-- cgit v1.2.3-70-g09d2
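Review bot: The resets added inside `if (pq->nfds != 0)` make the free of `pq->fds` safe to repeat, but `nni_mtx_fini(&pq->mtx)` two lines below still runs on every call, and nothing visible here shows that finalizing the mutex a second time is harmless; if it is not, the function is still not idempotent and needs a guard or a re-initialised `pq->mtx`. The two new assignments also deserve a short reason, for example `// Clear so a repeated fini, or reuse after nni_fini(), never sees the freed array.` Because the page has lost its whitespace, the first hunk's `-` line can be read either as dropping a blank line or as dropping `nni_thr_fini(&pq->thr)`; the 7-to-6 line count fits both. It should be confirmed as the blank line, since the array presumably must not be freed while the poller thread can still touch it. nni_posix_pollq_fini begins above the first hunk, so any other resources it releases are not visible here.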