From 30dd885d1fc3013be0e3c2a45b2e0117f684f40a Mon Sep 17 00:00:00 2001
From: Adam Chlipala <adam@chlipala.net>
Date: Thu, 19 Nov 2015 13:18:58 -0500
Subject: Fix a read-after-free bug using a timestamp check

---
 src/c/urweb.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src/c/urweb.c')

diff --git a/src/c/urweb.c b/src/c/urweb.c
index 945a6890..093a5294 100644
--- a/src/c/urweb.c
+++ b/src/c/urweb.c
@@ -4720,9 +4720,11 @@ static void uw_Sqlcache_storeCommitOne(uw_Sqlcache_Cache *cache, char **keys, uw
     }
     free(key);
   }
-  uw_Sqlcache_freeValue(entry->value);
-  entry->value = value;
-  entry->value->timeValid = timeNow;
+  if (entry->value && entry->value->timeValid < value->timeValid) {
+    uw_Sqlcache_freeValue(entry->value);
+    entry->value = value;
+    entry->value->timeValid = timeNow;
+  }
   pthread_rwlock_unlock(&cache->lockIn);
 }
 
@@ -4807,6 +4809,7 @@ void uw_Sqlcache_store(uw_context ctx, uw_Sqlcache_Cache *cache, char **keys, uw
   update->keys = uw_Sqlcache_copyKeys(keys, cache->numKeys);
   update->value = value;
   update->next = NULL;
+  value->timeValid = uw_Sqlcache_getTimeNow(cache);
   if (ctx->cacheUpdateTail) {
     ctx->cacheUpdateTail->next = update;
   } else {
-- 
cgit v1.2.3