[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [MiNT] tfork() bug.
On 05/15/12 22:23, m0n0 wrote:
> Hello there,
>
> I recently found out the MiNT way of doing preemptive tasks. The function
> is tfork() in MiNTlib. It can be implemented in you own source anyway.
>
> I think I've found an bug.
>
> within tfork() (mintlib/mintlib/thread.c) there is:
>
> b = (BASEPAGE *)Pexec(PE_CBASEPAGE, 0L, "", 0L);
> ...
> pid = Pexec(104, 0L, b, 0L);
> ...
> (void)Mfree(b->p_env); /* free the memory */
>
>
> Within startup() (also within thread.c) there is:
>
> /* If this is a thread, it doesn't need
> * own copy of the environment, right?
> */
> Mfree(b->p_env);
> b->p_env = _base->p_env;
>
> As far as I understand, we have 2 bugs here.
>
> 1. Double free()
> tfork() and startup() call free() on the same environment pointer.
>
> 2. Race condition
> If the thread was already running, and gave back the execution to the
> parent, the p_env will point to the parent environment and tfork() will
> free it's own environment.
>
> Can somebody confirm this bug and that I understand it correctly?
A small test case would help. Can you code one up ?
Thanks,
Alan.