iolog: fix use-after-free of iolog_flush_data
author Jens Axboe <axboe@fb.com>
Thu, 5 May 2016 14:48:09 +0000 (08:48 -0600)
committer Jens Axboe <axboe@fb.com>
Thu, 5 May 2016 14:48:09 +0000 (08:48 -0600)
If we run with compressed logs, drop_data_unlock() will free 'data'
before killing the condvar and mutex.

Signed-off-by: Jens Axboe <axboe@fb.com>
iolog.c

diff --git a/iolog.c b/iolog.c
index feda9ed68fbcc0414556d91c307378300c00d966..7fd125fb8436803f6f2c7f9fff99631682c1ce5a 100644 (file)
--- a/iolog.c
+++ b/iolog.c
@@ -1017,9 +1017,9 @@ static void drop_data_unlock(struct iolog_flush_data *data)
        pthread_mutex_unlock(&data->lock);
 
        if (!refs) {
-               free(data);
                pthread_mutex_destroy(&data->lock);
                pthread_cond_destroy(&data->cv);
+               free(data);
        }
 }
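
Review bot: in the `if (!refs)` block, the results of `pthread_mutex_destroy(&data->lock)` and `pthread_cond_destroy(&data->cv)` are ignored, and the teardown runs right after `pthread_mutex_unlock(&data->lock)`, so a thread still blocked on `data->cv` or `data->lock` would go unnoticed and `free(data)` would release memory it is still using. The new order (destroy both, then free) is correct; consider checking or asserting on both return values before `free(data)`, since implementations may report EBUSY for an object still in use. Also worth confirming that `refs` is a local copy taken while the lock was held, because the hunk tests it after the unlock and does not show where it is assigned.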