[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MiNT] tfork() bug.

To: mint@lists.fishpool.fi
Subject: [MiNT] tfork() bug.
From: "m0n0" <ole@monochrom.net>
Date: Tue, 15 May 2012 23:23:38 +0200
Importance: Normal
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
Reply-to: ole@monochrom.net
Sender: mint-bounce@lists.fishpool.fi
User-agent: Host Europe Webmailer/1.0

Hello there,

I recently found out the MiNT way of doing preemptive tasks. The function
is tfork() in MiNTlib. It can be implemented in you own source anyway.

I think I've found an bug.

within tfork() (mintlib/mintlib/thread.c) there is:

b = (BASEPAGE *)Pexec(PE_CBASEPAGE, 0L, "", 0L);
...
pid = Pexec(104, 0L, b, 0L);
...
(void)Mfree(b->p_env);  /* free the memory */


Within startup() (also within thread.c) there is:

/* If this is a thread, it doesn't need
* own copy of the environment, right?
*/
Mfree(b->p_env);
b->p_env = _base->p_env;

As far as I understand, we have 2 bugs here.

1. Double free()
   tfork() and startup() call free() on the same environment pointer.

2. Race condition
   If the thread was already running, and gave back the execution to the
   parent, the p_env will point to the parent environment and tfork() will
   free it's own environment.

Can somebody confirm this bug and that I understand it correctly?

-- 
Greets,
Ole

Follow-Ups:
- Re: [MiNT] tfork() bug.
  - From: Alan Hourihane <alanh@fairlite.co.uk>

Prev by Date: Re: [MiNT] QuadWheel Java Script Library
Next by Date: Re: [MiNT] tfork() bug.
Previous by thread: Re: [MiNT] QuadWheel Java Script Library
Next by thread: Re: [MiNT] tfork() bug.
Index(es):
- Date
- Thread