engine: fix use-after-free bug when delaying command execution

In one particular case, a pending command that needs more data, the engine crashed because delayed command execution code path deleted the command still needed for the next chunk (found in Client::Sync::eds_contact_eds_memo::testLargeObject).
author: Patrick Ohly <patrick.ohly@intel.com> 2014-09-10 03:38:06 -0700
committer: Patrick Ohly <patrick.ohly@intel.com> 2014-09-10 03:38:06 -0700
commit: c666d39d3f0fe071890032f602ee62e61cf070a5 (patch)
tree: e4c382643ad7a0f1ec0deea99b39d0065b4193cd
parent: ca35df7f36ba54a7f8425e42e4b38376c8064868 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/sysync/syncsession.cpp b/src/sysync/syncsession.cpp
index f7c7a11..f89a89e 100644
--- a/src/sysync/syncsession.cpp
+++ b/src/sysync/syncsession.cpp
@@ -2838,8 +2838,12 @@ bool TSyncSession::tryDelayedExecutionCommands()
             syncEndAfterSyncPackageEnd=true; // remember that we had at least one
         }
         // execution finished, can be deleted
-        PDEBUGPRINTFX(DBG_SESSION,("%s: command finished execution -> deleting",cmdP->getName()));
-        delete cmdP;
+        if (fIncompleteDataCommandP == cmdP) {
+          PDEBUGPRINTFX(DBG_SESSION,("%s: command incomplete -> keeping it for next message",cmdP->getName()));
+        } else {
+          PDEBUGPRINTFX(DBG_SESSION,("%s: command finished execution -> deleting",cmdP->getName()));
+          delete cmdP;
+        }
         // delete from queue
         fDelayedExecutionCommands.pop_front();
       }
author	Patrick Ohly <patrick.ohly@intel.com>	2014-09-10 03:38:06 -0700
committer	Patrick Ohly <patrick.ohly@intel.com>	2014-09-10 03:38:06 -0700
commit	c666d39d3f0fe071890032f602ee62e61cf070a5 (patch)
tree	e4c382643ad7a0f1ec0deea99b39d0065b4193cd
parent	ca35df7f36ba54a7f8425e42e4b38376c8064868 (diff)