From 72dba099328073b89aad9c31a2d30371ba48388b Mon Sep 17 00:00:00 2001
From: Andy Green <andy.green@linaro.org>
Date: Tue, 19 Jan 2016 22:34:44 +0800
Subject: [PATCH] timeout check take copies since he may be deleted

Signed-off-by: Andy Green <andy.green@linaro.org>
---
 lib/service.c       | 12 ++++++++----
 test-server/fuzxy.c |  4 ++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/lib/service.c b/lib/service.c
index af72dc53..8f4f4f62 100644
--- a/lib/service.c
+++ b/lib/service.c
@@ -379,9 +379,9 @@ lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, int t
 	lws_sockfd_type our_fd = 0;
 	struct lws_tokens eff_buf;
 	unsigned int pending = 0;
+	struct lws *wsi, *wsi1;
 	char draining_flow = 0;
 	int timed_out = 0;
-	struct lws *wsi;
 	time_t now;
 	int n, m;
 	int more;
@@ -411,13 +411,17 @@ lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, int t
 
 		wsi = context->timeout_list;
 		while (wsi) {
-			if (lws_service_timeout_check(wsi, (unsigned int)now))
+			/* we have to take copies, because he may be deleted */
+			wsi1 = wsi->timeout_list;
+			m = wsi->sock;
+			if (lws_service_timeout_check(wsi, (unsigned int)now)) {
 				/* he did time out... */
-				if (wsi->sock == our_fd)
+				if (m == our_fd)
 					/* it was the guy we came to service! */
 					timed_out = 1;
 					/* he's gone, no need to mark as handled */
-			wsi = wsi->timeout_list;
+			}
+			wsi = wsi1;
 		}
 	}
 
diff --git a/test-server/fuzxy.c b/test-server/fuzxy.c
index c319086d..8c77df94 100644
--- a/test-server/fuzxy.c
+++ b/test-server/fuzxy.c
@@ -277,8 +277,8 @@ struct fuzxy_rule {
 };
 
 struct fuzxy_rule r = {
-		{ "Host:", "\x0d", " \x0d" },
-		{ 5, 1, 2 },
+		{ "Host:", "\x0d", "\xe0\x00\x0d" },
+		{ 5, 1, 3 },
 		65536
 };
 
-- 
GitLab