[PATCH] fix race condition in protected_change_timeout()

Lucas C. Villa Real lucasvr at gobolinux.org
Fri Apr 17 14:23:31 PDT 2009


This patch fixes a race condition that can happen when 2 threads call
dbus_connection_send_with_reply() at the same time on the same
connection bus.

Before sending the message, dbus_connection_send_with_reply() first
calls CONNECTION_LOCK(connection), gets a pending object, assigns a
serial number to that object and then attaches that object to the
pending replies hash.

The race happens when we call protected_change_timeout(), which will
set connections->timeouts to NULL, call CONNECTION_UNLOCK(connection),
add the new timeout to the saved timeouts list and then reacquire the
lock to assign the changed timeouts list to the connection object.
During that time another call to add, remove or toggle that timeout
will hit a NULL connections->timeouts reference and will propagate
-ENOMEM to the caller, which will panic and start looking for places
to reduce memory consumption in his application :-)

Patch against DBUS 1.2.12.

Lucas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-fix_connection_lock_race.patch
Type: application/octet-stream
Size: 1772 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/dbus/attachments/20090417/dc139cc9/attachment.obj 
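As an added illustration that is not part of the mail or of the dbus source, the constructed C model below replays the interleaving described above deterministically: the "lock" is a depth counter rather than a real mutex so the two schedules can be driven from one thread, and all names (Conn, TimeoutList, change_timeout_begin/end, add_timeout) are placeholders for the dbus internals the mail refers to.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not dbus code: TimeoutList stands in for
 * connection->timeouts and lock_depth for CONNECTION_LOCK/UNLOCK. */
typedef struct { int count; } TimeoutList;
typedef struct { TimeoutList *timeouts; int lock_depth; } Conn;

static void lock_conn(Conn *c)   { c->lock_depth++; }
static void unlock_conn(Conn *c) { c->lock_depth--; }

/* First half of the racy pattern: detach the list and drop the lock,
 * leaving connection->timeouts NULL while the caller works unlocked. */
static TimeoutList *change_timeout_begin(Conn *c)
{
  TimeoutList *saved = c->timeouts;   /* caller already holds the lock */
  c->timeouts = NULL;
  unlock_conn(c);
  return saved;
}

/* Second half: apply the change, reacquire the lock, reattach the list. */
static void change_timeout_end(Conn *c, TimeoutList *saved)
{
  saved->count++;                     /* the actual add/remove/toggle */
  lock_conn(c);
  c->timeouts = saved;
}

/* A concurrent caller adding a timeout. A NULL list is reported as a
 * plain failure, which upstream surfaces as the misleading -ENOMEM. */
static bool add_timeout(Conn *c)
{
  bool ok;
  lock_conn(c);
  ok = (c->timeouts != NULL);
  if (ok) c->timeouts->count++;
  unlock_conn(c);
  return ok;
}

/* Replay one schedule; returns whether the second caller succeeded.
 * racing == true runs add_timeout inside the unlocked window. */
static bool run_interleaving(bool racing)
{
  TimeoutList list = { 0 };
  Conn c = { &list, 0 };
  bool ok = true;
  lock_conn(&c);
  TimeoutList *saved = change_timeout_begin(&c);
  if (racing) ok = add_timeout(&c);        /* sees timeouts == NULL */
  change_timeout_end(&c, saved);
  unlock_conn(&c);
  if (!racing) ok = add_timeout(&c);       /* list reattached: fine */
  return ok;
}

int main(void)
{
  printf("racing add ok: %d, serialized add ok: %d\n",
         run_interleaving(true), run_interleaving(false));
  return 0;
}
```

The point for anyone debugging this class of report is that the failure is not a memory condition at all: the same call succeeds whenever it does not land inside the detach/reattach window.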