From: Stephan A. <sup...@gm...> - 2008-11-01 14:39:10
Kristian Van Der Vliet wrote:
> On Sat, 2008-11-01 at 14:44 +0100, Stefano D'Angelo wrote:
> > 2008/11/1 Kristian Van Der Vliet <va...@li...>:
> > > On Sat, 2008-11-01 at 11:42 +0100, Stefano D'Angelo wrote:
> > >> I investigated a bit into Syllable's source code and it seems like
> > >> some weird stuff is going on... First, in pthread_exit(), this cycle
> > >> seems to be broken:
> > >>
> > >>     while ( cleanup )
> > >>     {
> > >>         if ( cleanup->routine )
> > >>             (*cleanup->routine) (cleanup->arg);
> > >>         cleanup = cleanup->prev;
> > >>         free( cleanup );
> > >>     }
> > >>
> > >> since after the first loop, cleanup points to a freed memory
> > >> location, which shouldn't be considered valid any more (unless you
> > >> have very very strange memory handling routines/conventions, but I
> > >> doubt that).
> > >
> > > Believe it or not that loop is actually O.K. It works backwards
> > > through the list, calling the cleanup handlers and then freeing the
> > > structures as it goes. For the first item in the list, prev will be
> > > NULL and free(NULL) is a valid no-op, and the loop will then exit. I
> > > admit it is non-obvious.
>
> Anthony has pointed out to me that there is an issue here in that the
> first cleanup structure in the list is never free'd, which is a valid
> problem here.

No, it is really more broken than that. After calling free(cleanup), the
pointer points to free()d memory, but you happily dereference it in the next
iteration of the loop.

Best regards,
-Stephan
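The loop quoted in this thread frees a node and then tests and dereferences the same pointer on the next iteration, and it also never frees the newest entry. Below is an added example (not Syllable's code; the struct layout, `cleanup_push` and the handler names are assumptions for illustration) showing the corrected traversal: the `prev` link is read into a temporary before `free()`, so every node is released exactly once and no freed pointer is ever touched.

```c
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for a pthread cleanup record; the real Syllable struct is
 * not shown on the page beyond these three fields (assumed layout). */
struct cleanup_entry {
    void (*routine)(void *);
    void *arg;
    struct cleanup_entry *prev;   /* next older handler, NULL at the oldest */
};

/* Push a handler onto the per-thread cleanup stack; returns the new top. */
struct cleanup_entry *cleanup_push(struct cleanup_entry *top,
                                   void (*routine)(void *), void *arg)
{
    struct cleanup_entry *e = malloc(sizeof *e);
    if (!e) return top;
    e->routine = routine;
    e->arg = arg;
    e->prev = top;
    return e;
}

/* Corrected form of the pthread_exit() loop from the thread.  The original
 * did "cleanup = cleanup->prev; free(cleanup);", which frees the *older*
 * node and then loops on that freed pointer.  Saving prev first fixes both
 * the use-after-free and the leak of the newest entry. */
void cleanup_run_all(struct cleanup_entry *cleanup)
{
    while (cleanup) {
        struct cleanup_entry *older = cleanup->prev;  /* read before free() */
        if (cleanup->routine)
            (*cleanup->routine)(cleanup->arg);
        free(cleanup);
        cleanup = older;
    }
}

/* Demo handler: appends the one-character tag passed as arg to a trace. */
static char trace[16];
static void record(void *arg)
{
    size_t n = strlen(trace);
    if (n + 1 < sizeof trace) { trace[n] = *(const char *)arg; trace[n + 1] = '\0'; }
}

/* Pushes three handlers and runs them; returns the firing order, which must
 * be newest-first ("cba") as pthread cleanup semantics require. */
const char *demo_cleanup_order(void)
{
    struct cleanup_entry *top = NULL;
    trace[0] = '\0';
    top = cleanup_push(top, record, "a");
    top = cleanup_push(top, record, "b");
    top = cleanup_push(top, record, "c");
    cleanup_run_all(top);
    return trace;
}
```

Running the demo under a sanitizer or a debug allocator (for example with `-fsanitize=address`) is the quickest way to confirm that the corrected loop performs no access to freed memory and leaks nothing.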