From 00674124213d6a9f0564632a5ad172cbd78caf24 Mon Sep 17 00:00:00 2001
From: Yabin Cui
Date: Wed, 26 Aug 2015 12:27:40 -0700
Subject: [PATCH] adb: fix a data race in local_socket_event_func.

If s->peer->enqueue() failed, s may be freed. So we should use saved_xxx instead of s->xxx before verifying the return value.

Change-Id: I6c072406dceb98e2d02798d0dcdc428fa99e66fb
---
adb/sockets.cpp | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/adb/sockets.cpp b/adb/sockets.cpp
index d8ea2ee5c..a85d5addf 100644
--- a/adb/sockets.cpp
+++ b/adb/sockets.cpp
@@ -360,9 +360,12 @@ static void local_socket_event_func(int fd, unsigned ev, void* _s)
 } else {
 p->len = max_payload - avail;
+ // s->peer->enqueue() may call s->close() and free s,
+ // so save variables for debug printing below.
+ unsigned saved_id = s->id;
+ int saved_fd = s->fd;
 r = s->peer->enqueue(s->peer, p);
- D("LS(%d): fd=%d post peer->enqueue(). r=%d\n", s->id, s->fd,
- r);
+ D("LS(%u): fd=%d post peer->enqueue(). r=%d\n", saved_id, saved_fd, r);
 if (r < 0) {
 /* error return means they closed us as a side-effect
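Review bot: The new comment above `saved_id` justifies the copies only by the debug print, but the rule it protects is wider: once `s->peer->enqueue(s->peer, p)` returns, `s` may already be freed and nothing may read through it until `r` has been checked. I would word it as `// enqueue() may close and free s; do not dereference s again until r has been checked (r < 0 means s is gone).` so that a later edit adding another `s->` access between the call and the `if (r < 0)` test is recognisably wrong. The subject line calls this a data race, while the description and the code describe a read of freed memory (a use-after-free), which is the term someone searching the history would look for. The body of local_socket_event_func starts and ends outside this hunk, so whether the paths taken when `r >= 0` touch `s` safely cannot be judged from here; presumably a non-negative return means `s` is still alive, as the existing "error return means they closed us" comment implies.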