Commit 945c7dbf authored by Philippe Gerum

copperplate/threadobj: fix NULL dereference in threadobj_unblock()

threadobj_unblock() simply does not work, dereferencing a NULL pointer
whenever it actually manages to unblock a thread waiting on a
synchronization object.

Calling syncobj_flush() on this object to wake up waiters zeroes the
wait_sobj field in the corresponding TCBs, so don't dereference
thobj->wait_sobj past this point.

Thread 1 "main" received signal SIGSEGV, Segmentation fault.
0x00007ffff79aeda0 in __syncobj_tag_unlocked (sobj=0x0) at include/copperplate/syncobj.h:100
100		assert(sobj->flags & SYNCOBJ_LOCKED);
(gdb) bt
parent 05019431
......@@ -1564,10 +1564,13 @@ int threadobj_unblock(struct threadobj *thobj) /* thobj->lock held */
sobj = thobj->wait_sobj;
if (sobj) {
ret = syncobj_lock(sobj, &syns);
/*
* Remove PEND (+DELAY timeout).
* CAUTION: thobj->wait_obj goes NULL upon flush.
*/
if (ret == 0) {
/* Remove PEND (+DELAY timeout) */
syncobj_flush(thobj->wait_sobj);
syncobj_unlock(thobj->wait_sobj, &syns);
syncobj_flush(sobj);
syncobj_unlock(sobj, &syns);
return 0;
}
}
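Review bot: the new comment names the wrong field: it says `thobj->wait_obj goes NULL upon flush`, but the field read on the line above is `thobj->wait_sobj`, so the CAUTION points a future reader at a name that does not exist in this function. Suggest `CAUTION: thobj->wait_sobj goes NULL upon flush.` The substance of the fix is right: `syncobj_flush()` clears the TCB's `wait_sobj`, so the old `syncobj_unlock(thobj->wait_sobj, &syns)` passed NULL, which is exactly the `__syncobj_tag_unlocked (sobj=0x0)` frame in the backtrace; flushing and unlocking through the cached `sobj` keeps the lock/unlock pair on the same object.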