Access after free during kcm shutdown with a non-empty queue. req is allocated on state at kcm_op_queue_send, then assigned to state->entry->req. If we free state, it first frees the allocated req and then state->entry, which calls the destructor kcm_op_queue_entry_destructor, which calls tevent_req_done(next_req->req) -> access after free.
Possible solution: make sure state->entry is freed first (add a destructor to state).
Metadata Update from @pbrezina:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1572982
Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2
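The release order described in this ticket, as an added toy model (not SSSD, talloc or tevent code). The struct layout, `req_done`, `entry_release`, `state_release` and `shutdown_stale_accesses` are hypothetical names, the queue is collapsed to a single entry, and "release" sets a tombstone flag instead of calling free() so the stale access can be counted safely:

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only: "release" sets a tombstone flag instead of calling free(),
 * so a stale access can be counted without undefined behaviour. */
struct req   { bool alive; };
struct entry { bool alive; struct req *req; };
struct state { struct req req; struct entry entry; bool has_destructor; };

static int stale_accesses;

/* Stand-in for tevent_req_done(): touches the request it is handed. */
static void req_done(struct req *r)
{
    if (!r->alive) stale_accesses++;   /* this would be the access after free */
}

/* Stand-in for the entry destructor described in the ticket. */
static void entry_release(struct entry *e)
{
    if (!e->alive) return;             /* already released by the state destructor */
    req_done(e->req);
    e->alive = false;
}

static void state_release(struct state *s)
{
    if (s->has_destructor)
        entry_release(&s->entry);      /* proposed fix: entry goes first */
    s->req.alive = false;              /* order reported in the ticket: req ... */
    entry_release(&s->entry);          /* ... then entry, whose destructor runs */
}

/* Returns how many times a released req was touched during teardown. */
int shutdown_stale_accesses(bool has_destructor)
{
    struct state s = { .req = { true }, .has_destructor = has_destructor };
    s.entry.alive = true;
    s.entry.req = &s.req;
    stale_accesses = 0;
    state_release(&s);
    return stale_accesses;
}

int main(void)
{
    printf("without state destructor: %d stale access(es)\n", shutdown_stale_accesses(false));
    printf("with state destructor:    %d stale access(es)\n", shutdown_stale_accesses(true));
    return 0;
}
```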