From c327c7fdb7a65ecdace4f6e9694256c30b545252 Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Sat, 21 Dec 2019 12:13:14 +0000
Subject: [PATCH] vhost destruction: dont allow all wsi closures to kill vh we
 are already in process of destroying

Saw this on travis selftests during context destroy

==18895== Invalid read of size 8
==18895==    at 0x415909: __lws_vhost_destroy2 (vhost.c:1063)
==18895==    by 0x40E65B: lws_context_destroy2 (context.c:929)
==18895==    by 0x40EBE5: lws_context_destroy (context.c:1128)
==18895==    by 0x40CC41: main (minimal-http-client-post.c:267)
==18895==  Address 0x6168688 is 728 bytes inside a block of size 792 free'd
==18895==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18895==    by 0x45B29E: _realloc (alloc.c:120)
==18895==    by 0x45B2D6: lws_realloc (alloc.c:130)
==18895==    by 0x415ED7: __lws_vhost_destroy2 (vhost.c:1204)
==18895==    by 0x419164: lws_vhost_unbind_wsi (wsi.c:82)
==18895==    by 0x41236B: __lws_free_wsi (close.c:154)
==18895==    by 0x4134CF: __lws_close_free_wsi_final (close.c:650)
==18895==    by 0x4133BA: __lws_close_free_wsi (close.c:610)
==18895==    by 0x413528: lws_close_free_wsi (close.c:660)
==18895==    by 0x4158C7: __lws_vhost_destroy2 (vhost.c:1053)
==18895==    by 0x40E65B: lws_context_destroy2 (context.c:929)
==18895==    by 0x40EBE5: lws_context_destroy (context.c:1128)

Removing the last wsi from the vhost we started to destroy finalized the
vhost destruction, which is aimed at libuv async close cleanup.  But if
we already entered __lws_vhost_destroy2, we will definitely destroy the vhost
ourselves at the end of that function already.  So defeat the wsi close
triggering it.
---
 lib/core-net/vhost.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/core-net/vhost.c b/lib/core-net/vhost.c
index aa999e6eb..1882281e8 100644
--- a/lib/core-net/vhost.c
+++ b/lib/core-net/vhost.c
@@ -958,7 +958,6 @@ lws_vhost_destroy1(struct lws_vhost *vh)
 
 	lws_vhost_lock(vh); /* -------------- vh { */
 
-	vh->being_destroyed = 1;
 #if defined(LWS_WITH_NETWORK)
 	/*
 	 * PHASE 1: take down or reassign any listen wsi
@@ -1040,6 +1039,8 @@ __lws_vhost_destroy2(struct lws_vhost *vh)
 	struct lws wsi;
 	int n;
 
+	vh->being_destroyed = 0;
+
 #if defined(LWS_WITH_CLIENT)
 	/*
 	 * destroy any wsi that are associated with us but have no socket