From adf4fb3bc17a51eccf75d756f6c89f0d0a46f3f4 Mon Sep 17 00:00:00 2001
From: "Peter A. Bigot" <pab@pabigot.com>
Date: Tue, 24 Apr 2018 14:50:31 -0500
Subject: [PATCH] TcpResolver: reduce risk of accessing destructed
 TcpConnection

Invoking TcpHandler::onError might result in the connection being
destroyed.  Though the reference to it in TcpClosed() is likely benign,
it's safer to follow the standard practice of returning a nullptr to
indicate that the connection is known to be destroyed.
---
 src/linux_tcp/tcpresolver.h | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/linux_tcp/tcpresolver.h b/src/linux_tcp/tcpresolver.h
index 5fc002a..abca375 100644
--- a/src/linux_tcp/tcpresolver.h
+++ b/src/linux_tcp/tcpresolver.h
@@ -194,7 +194,7 @@ public:
      *  Proceed to the next state
      *  @return TcpState *
      */
-    TcpState *proceed()
+    TcpState *proceed(const Monitor &monitor)
     {
         // do we have a valid socket?
         if (_socket >= 0) 
@@ -211,6 +211,9 @@ public:
             // report error
             _handler->onError(_connection, _error.data());
         
+            // handler callback might have destroyed connection
+            if (!monitor.valid()) return nullptr;
+
             // create dummy implementation
             return new TcpClosed(_connection, _handler);
         }
@@ -229,7 +232,7 @@ public:
         if (fd != _pipe.in() || !(flags & readable)) return this;
 
         // proceed to the next state
-        return proceed();
+        return proceed(monitor);
     }
     
     /**
@@ -243,7 +246,7 @@ public:
         _thread.join();
         
         // proceed to the next state
-        return proceed();
+        return proceed(monitor);
     }
 
     /**
@@ -262,4 +265,3 @@ public:
  *  End of namespace
  */
 }
-