Menu
▾
▴
Re: [Syllable-developer] Porting help
|
From: Kristian V. D. V. <va...@li...> - 2008-11-01 15:57:31
|
On Sat, 2008-11-01 at 15:39 +0100, Stephan Assmus wrote:
> Kristian Van Der Vliet wrote:
> > On Sat, 2008-11-01 at 14:44 +0100, Stefano D'Angelo wrote:
> > > 2008/11/1 Kristian Van Der Vliet <va...@li...>:
> > > > On Sat, 2008-11-01 at 11:42 +0100, Stefano D'Angelo wrote:
> > > >> I investigated a bit into Syllable's source code and it seems like
> > > >> some weird stuff is going on... First, in pthread_exit(), this cycle
> > > >> seems to be broken:
> > > >>
> > > >> 231 while ( cleanup )
> > > >> 232 {
> > > >> 233 if ( cleanup->routine )
> > > >> 234 (*cleanup->routine) (cleanup->arg);
> > > >> 235 cleanup = cleanup->prev;
> > > >> 236 free( cleanup );
> > > >> 237 }
> > > >>
> > > >> since after the first loop, cleanup points to a freed memory
> > > >> location, which shouldn't be considered valid any more (unless you
> > > >> have very very strange memory handling routines/conventions, but I
> > > >> doubt that).
> > > >
> > > > Believe it or not that loop is actually O.K. It works backwards
> > > > through the list, calling the cleanup handlers and then freeing the
> > > > structures as it goes. For the first item in the list, prev will be
> > > > NULL and free(NULL) is a valid no-op, and the loop will then exit. I
> > > > admit it is non-obvious.
> >
> > Anthony has pointed out to me that there is an issue here in that the
> > first cleanup structure in the list is never free'd, which is a valid
> > problem here.
>
> No, it is really more broken than that. After calling free(cleanup), the
> pointer points to free()d memory, but you happly dereference it in the next
> iteration of the loop.
Yes, you're right. I had some sort of mental disconnect and couldn't see
the deference in the next iteration. Stefanos original solution is
correct.
--
Vanders
http://www.syllable.org
|
