[PATCH] discover/boot: Safely cleanup after failed load

Sam Mendoza-Jonas sam at mendozajonas.com
Tue Mar 15 14:08:23 AEDT 2016


If a call to load_url_async() fails immediately, boot() will free the
boot task and return. If other jobs started by load_url_async()
are still running they will attempt to free their task struct in
load_url_process_exit(), however the original boot task is the parent
context of this process task, resulting in a double-free.

Instead call cleanup_cancellations if an error immediately occurs to
cancel any pending load operations safely before freeing the boot task.

Signed-off-by: Sam Mendoza-Jonas <sam at mendozajonas.com>
---
 discover/boot.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/discover/boot.c b/discover/boot.c
index 7778b3f..0d3491f 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -486,9 +486,10 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt,
 	  || start_url_load(boot_task, "initrd", initrd, &boot_task->initrd)
 	  || start_url_load(boot_task, "dtb", dtb, &boot_task->dtb);
 
-	/* If all URLs are local, we may be done. */
 	if (rc) {
-		talloc_free(boot_task);
+		/* Don't call boot_cancel() to preserve the status update */
+		boot_task->cancelled = true;
+		cleanup_cancellations(boot_task, NULL);
 		return NULL;
 	}
 
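Review bot: In the `if (rc)` error path, nothing visible frees `boot_task` any more now that `talloc_free(boot_task)` is gone, so ownership of the task silently moves into `cleanup_cancellations(boot_task, NULL)` while the caller gets `NULL` back. Please say so in the comment, for example "cleanup_cancellations() frees boot_task once pending loads are cancelled". Please also confirm that the free still happens when no load was started at all, which is the case if the first `start_url_load()` call fails; otherwise this path trades the double-free for a leak. The new comment is also ambiguous as written. "Don't call boot_cancel() to preserve the status update" can be read either way, so something like "Not using boot_cancel() here because it would overwrite the status update" would be clearer. A word on what the `NULL` second argument means would help the next reader as well.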
-- 
2.7.3
