# HG changeset patch
# User Adam Chlipala <adam@chlipala.net>
# Date 1447957138 18000
# Node ID 6d56080f495c529eec8e8fdbae1935e2691b599e
# Parent  5104e480b3e3d8d72a0d6146636266eda9211fff
Fix a read-after-free bug using a timestamp check

diff -r 5104e480b3e3 -r 6d56080f495c src/c/urweb.c
--- a/src/c/urweb.c	Thu Nov 19 10:31:47 2015 -0500
+++ b/src/c/urweb.c	Thu Nov 19 13:18:58 2015 -0500
@@ -4720,9 +4720,11 @@
     }
     free(key);
   }
-  uw_Sqlcache_freeValue(entry->value);
-  entry->value = value;
-  entry->value->timeValid = timeNow;
+  if (entry->value && entry->value->timeValid < value->timeValid) {
+    uw_Sqlcache_freeValue(entry->value);
+    entry->value = value;
+    entry->value->timeValid = timeNow;
+  }
   pthread_rwlock_unlock(&cache->lockIn);
 }
 
@@ -4807,6 +4809,7 @@
   update->keys = uw_Sqlcache_copyKeys(keys, cache->numKeys);
   update->value = value;
   update->next = NULL;
+  value->timeValid = uw_Sqlcache_getTimeNow(cache);
   if (ctx->cacheUpdateTail) {
     ctx->cacheUpdateTail->next = update;
   } else {
diff -r 5104e480b3e3 -r 6d56080f495c src/lru_cache.sml
--- a/src/lru_cache.sml	Thu Nov 19 10:31:47 2015 -0500
+++ b/src/lru_cache.sml	Thu Nov 19 13:18:58 2015 -0500
@@ -136,14 +136,12 @@
              newline,
              string ("  char *ks[] = {" ^ revArgs ^ "};"),
              newline,
-             string ("  uw_Sqlcache_Value *v = calloc(1, sizeof(uw_Sqlcache_Value));"),
+             string ("  uw_Sqlcache_Value *v = malloc(sizeof(uw_Sqlcache_Value));"),
              newline,
              string "  v->result = strdup(s);",
              newline,
              string "  v->output = uw_recordingRead(ctx);",
              newline,
-             string "  v->timeValid = 0;",
-             newline,
              (*string ("  puts(\"SQLCACHE: stored " ^ i ^ ".\");"),
              newline,*)
              string ("  uw_Sqlcache_store(ctx, cache" ^ i ^ ", ks, v);"),