
Re: [MiNT] tfork() bug.



On 05/15/12 22:23, m0n0 wrote:
> Hello there,
>
> I recently found out the MiNT way of doing preemptive tasks. The function
> is tfork() in MiNTlib. It can be implemented in your own source anyway.
>
> I think I've found a bug.
>
> within tfork() (mintlib/mintlib/thread.c) there is:
>
> b = (BASEPAGE *)Pexec(PE_CBASEPAGE, 0L, "", 0L);
> ...
> pid = Pexec(104, 0L, b, 0L);
> ...
> (void)Mfree(b->p_env);  /* free the memory */
>
>
> Within startup() (also within thread.c) there is:
>
> /* If this is a thread, it doesn't need
> * own copy of the environment, right?
> */
> Mfree(b->p_env);
> b->p_env = _base->p_env;
>
> As far as I understand, we have 2 bugs here.
>
> 1. Double free()
>    tfork() and startup() call free() on the same environment pointer.
>
> 2. Race condition
>    If the thread was already running, and gave back the execution to the
>    parent, the p_env will point to the parent environment and tfork() will
>    free its own environment.
>
> Can somebody confirm this bug and that I understand it correctly?

A small test case would help. Can you code one up?

Thanks,

Alan.
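A minimal model of the two interleavings the report describes, added here as an example; it is not code from the thread or from MiNTlib. The names ending in `_model`, the integer env ids standing in for `p_env` pointers, and the counter standing in for `Mfree()` are all assumptions made so the two orderings can be run and checked on any C compiler; the "fixed" variant is one illustrative single-owner arrangement, not the project's actual fix.

```c
#include <stdio.h>
#include <string.h>

/* Model of the two code paths quoted in the report. Names ending in _model are
 * hypothetical; the real BASEPAGE holds a char *p_env, here it is a small
 * integer id so that releases can be counted instead of calling Mfree(). */
enum { ENV_NONE = 0, ENV_CHILD = 1, ENV_PARENT = 2 };
typedef struct { int p_env; } basepage_model;

static int frees[3];                 /* frees[id] = how often env id was released */

static void mfree_model(int env) { if (env != ENV_NONE) frees[env]++; }

/* startup() in the thread, as quoted: release own env, then alias the parent's */
static void startup_model(basepage_model *b, const basepage_model *parent)
{
    mfree_model(b->p_env);
    b->p_env = parent->p_env;
}

/* tfork() after Pexec(104), as quoted: release b->p_env unconditionally */
static void tfork_tail_buggy(basepage_model *b) { mfree_model(b->p_env); }

/* Illustrative single-owner fix (assumed, not the project's): tfork() leaves the
 * env alone; startup() is the only code that knows whether the swap happened. */
static void tfork_tail_fixed(basepage_model *b) { (void)b; }

/* Run one interleaving. thread_first != 0 means the child ran startup() before
 * tfork() reached its Mfree(). Returns how often env `which` was released. */
static int run_model(int thread_first, int fixed, int which)
{
    basepage_model parent = { ENV_PARENT }, b = { ENV_CHILD };
    void (*tail)(basepage_model *) = fixed ? tfork_tail_fixed : tfork_tail_buggy;
    memset(frees, 0, sizeof frees);
    if (thread_first) { startup_model(&b, &parent); tail(&b); }
    else              { tail(&b); startup_model(&b, &parent); }
    return frees[which];
}

int main(void)
{
    /* Unfixed: tfork() first => child env freed twice (double free);
     * thread first => parent's env freed (race). Fixed: child env freed once. */
    printf("buggy, tfork first : child freed %d times, parent %d\n",
           run_model(0, 0, ENV_CHILD), run_model(0, 0, ENV_PARENT));
    printf("buggy, thread first: child freed %d times, parent %d\n",
           run_model(1, 0, ENV_CHILD), run_model(1, 0, ENV_PARENT));
    printf("fixed, both orders : child freed %d / %d times, parent %d / %d\n",
           run_model(0, 1, ENV_CHILD), run_model(1, 1, ENV_CHILD),
           run_model(0, 1, ENV_PARENT), run_model(1, 1, ENV_PARENT));
    return 0;
}
```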