empserver/src/lib/empthread
Markus Armbruster d28fbbb186 Fix race in io_output() that can lead to double-free
Move call of ioq_makeiov() to its use, because calling it before
empth_select() is racy, as follows.

Player thread flushes output by calling io_output(player->iop, 1).
io_output() sets up iov[] to point to queued output.  empth_select()
blocks on output.

Another thread sends a C_FLASH or C_INFORM message to this player.
This calls io_output(p->iop, 0).  The output file descriptor has
become writable since the player thread blocked on it, so some output
gets written and dequeued.

The player thread resumes, writes out iov[] and dequeues.  Any output
already written by the other thread gets duplicated.  If the other
thread's dequeue operation freed struct io buffers, there's use after
free followed by double-free.
2010-07-25 18:24:00 +02:00
..
io.c Fix race in io_output() that can lead to double-free 2010-07-25 18:24:00 +02:00
lwp.c Update copyright notice 2010-01-19 08:40:17 +01:00
ntthread.c Convert spaces to tabs 2010-06-20 18:36:44 +02:00
posix.c Update copyright notice 2010-01-19 08:40:17 +01:00
pthread.c Coding style fixes, mostly indentation and whitespace 2010-06-20 18:36:38 +02:00
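
The ordering problem described in the commit message above, replayed deterministically in a single thread. This is an added example, not code from the Empire source: `struct outq`, `struct sink`, `other_flush`, `player_flush`, `run` and the sample data are hypothetical stand-ins. It models only when the view of queued output is taken relative to the wait.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins, not Empire's struct io: bytes [head, len) are queued. */
struct outq { const char *data; size_t head, len; };
struct sink { char buf[64]; size_t n; };    /* what the client receives */

static void sink_write(struct sink *s, const char *p, size_t n)
{
    memcpy(s->buf + s->n, p, n);
    s->n += n;
    s->buf[s->n] = '\0';
}
/* The other thread's non-blocking flush: write n bytes and dequeue them. */
static void other_flush(struct outq *q, struct sink *s, size_t n)
{
    sink_write(s, q->data + q->head, n);
    q->head += n;
}

/* Player-thread flush.  early != 0: racy order (build view, then block);
 * early == 0: fixed order.  Returns bytes dequeued beyond what is queued. */
static size_t player_flush(struct outq *q, struct sink *s, int early)
{
    const char *p = q->data + q->head;      /* view taken before blocking */
    size_t n = q->len - q->head, excess;
    other_flush(q, s, 6);                   /* runs while the player thread waits */
    if (!early) {                           /* fixed: rebuild the view after waking */
        p = q->data + q->head;
        n = q->len - q->head;
    }
    sink_write(s, p, n);
    excess = n - (q->len - q->head);        /* > 0: repeated dequeue */
    q->head = q->len;
    return excess;
}

static size_t run(int early, struct sink *s)    /* one run on constructed data */
{
    struct outq q = { "flash!status", 0, 12 };
    s->n = 0;
    return player_flush(&q, s, early);
}

int main(void)
{
    struct sink a, b;
    size_t xa = run(1, &a), xb = run(0, &b);
    printf("racy:  %s (excess %zu)\nfixed: %s (excess %zu)\n", a.buf, xa, b.buf, xb);
    return 0;
}
```

In the racy order the client receives the first six bytes twice and the player thread dequeues six bytes that were already dequeued. With heap-allocated buffers, that repeated dequeue is where the use after free and double-free named in the commit message would occur.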