On Fri, Feb 14, 2020 at 05:17:08PM +0000, Stefan Hajnoczi wrote:
> epoll_handler is a stack variable and must not be accessed after it goes
> out of scope:
>
>       if (aio_epoll_check_poll(ctx, pollfds, npfd, timeout)) {
>           AioHandler epoll_handler;
>           ...
>           add_pollfd(&epoll_handler);
>           ret = aio_epoll(ctx, pollfds, npfd, timeout);
>       } ...
>
>   ...
>
>       /* if we have any readable fds, dispatch event */
>       if (ret > 0) {
>           for (i = 0; i < npfd; i++) {
>               nodes[i]->pfd.revents = pollfds[i].revents;
>           }
>       }
>
> nodes[0] is &epoll_handler, which has already gone out of scope.
>
> There is no need to use pollfds[] for epoll.  We don't need an
> AioHandler for the epoll fd.
>
> Signed-off-by: Stefan Hajnoczi
> ---
>  util/aio-posix.c | 20 ++++++++------------
>  1 file changed, 8 insertions(+), 12 deletions(-)

Reviewed-by: Sergio Lopez
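
The lifetime bug described in the quoted commit message, reduced to a stand-alone model: this is an added example, not code from the patch or from QEMU. `Handler`, `MAX_FDS`, `wait_buggy` and `wait_fixed` are hypothetical names, and plain `poll()` stands in for the epoll path. The buggy shape is compiled only with `-DSHOW_BUG`, since running it is undefined behaviour.

```c
/* Added example: simplified model, not QEMU's util/aio-posix.c. */
#include <poll.h>
#include <unistd.h>
#define MAX_FDS 8
typedef struct Handler { struct pollfd pfd; } Handler; /* hypothetical stand-in for AioHandler */

static Handler *nodes[MAX_FDS];        /* pointers kept for the write-back loop */
static struct pollfd pollfds[MAX_FDS];
static int npfd;

static void add_pollfd(Handler *h)
{
    nodes[npfd] = h;                   /* the stored pointer outlives this call */
    pollfds[npfd] = h->pfd;
    npfd++;
}

#ifdef SHOW_BUG
/* Shape from the commit message: nodes[0] dangles once the inner block ends. */
static int wait_buggy(int extra_fd, int timeout)
{
    int ret;
    npfd = 0;
    {
        Handler extra = { .pfd = { .fd = extra_fd, .events = POLLIN } };
        add_pollfd(&extra);
        ret = poll(pollfds, npfd, timeout);
    }                                  /* 'extra' no longer exists from here on */
    for (int i = 0; ret > 0 && i < npfd; i++) {
        nodes[i]->pfd.revents = pollfds[i].revents;   /* write into a dead stack slot */
    }
    return ret;
}
#endif

/* Safe shape: the extra fd is polled on its own and never enters nodes[]. */
static int wait_fixed(Handler *registered, int extra_fd, int timeout)
{
    struct pollfd extra = { .fd = extra_fd, .events = POLLIN };
    npfd = 0;
    add_pollfd(registered);            /* caller-owned, so it outlives the loop below */
    int ret = poll(pollfds, npfd, timeout);
    if (ret < 0) return ret;
    for (int i = 0; i < npfd; i++) {
        nodes[i]->pfd.revents = pollfds[i].revents;
    }
    if (poll(&extra, 1, 0) > 0 && (extra.revents & POLLIN)) ret++;  /* no pointer kept */
    return ret;
}
```

Building the `-DSHOW_BUG` variant with `-fsanitize=address` and calling `wait_buggy` is one way to have the stale write reported as a stack-use-after-scope.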