Fix unexpected behavior in client_timeout() error handling
There are 4 places that call client_close(), 3 are in poller callback
function before return _REMOVE. The client_ringbuffer_poll() and
client_poll() both set the client->rbc = NULL or client->poller = NULL
correspondingly to avoid client_close() unregistering the poller within
poller callback. Because calling console_poller_unregister() within the
loop of console-sever.c:call_pollers() will make the loop writing into
freed poller, corrupting the memory and cause unexpected hehavior.
This fix is let the timeout callback follow the same pattern and avoid
calling console_poller_unregister() within call_pollers() loop.
Change-Id: If723a476d4142a42aa62e97ed0d2e2abca5e00c6
Signed-off-by: Dan Zhang <zhdaniel@google.com>
diff --git a/socket-handler.c b/socket-handler.c
index efcd5b8..c036b58 100644
--- a/socket-handler.c
+++ b/socket-handler.c
@@ -259,6 +259,7 @@
rc = client_drain_queue(client, 0);
if (rc) {
+ client->poller = NULL;
client_close(client);
return POLLER_REMOVE;
}