From 1cd98f7072e5db213a4fe2b64666480101b1edae Mon Sep 17 00:00:00 2001 From: vasiljevic Date: Sat, 26 Apr 2008 11:37:45 +0000 Subject: generic/tclAsync.c: Tcl_AsyncDelete(): panic if attempt to locate handler token fails. Happens when some other thread attempts to delete somebody else's token. --- ChangeLog | 6 ++++++ generic/tclAsync.c | 44 ++++++++++++++++++++++++++------------------ 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/ChangeLog b/ChangeLog index 068fbf6..855ff1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2007-04-26 Zoran Vasiljevic + + * generic/tclAsync.c: Tcl_AsyncDelete(): panic if attempt + to locate handler token fails. Happens when some other + thread attempts to delete somebody else's token. + 2008-04-17 Andreas Kupries *** 8.4.19 TAGGED FOR RELEASE *** diff --git a/generic/tclAsync.c b/generic/tclAsync.c index c99cea9..f036b47 100644 --- a/generic/tclAsync.c +++ b/generic/tclAsync.c @@ -12,7 +12,7 @@ * See the file "license.terms" for information on usage and redistribution * of this file, and for a DISCLAIMER OF ALL WARRANTIES. * - * RCS: @(#) $Id: tclAsync.c,v 1.6.12.1 2006/07/11 13:18:10 vasiljevic Exp $ + * RCS: @(#) $Id: tclAsync.c,v 1.6.12.2 2008/04/26 11:37:47 vasiljevic Exp $ */ #include "tclInt.h" @@ -275,6 +275,13 @@ Tcl_AsyncInvoke(interp, code) * Side effects: * The state associated with the handler is deleted. * + * Failure to locate the handler in current thread private list + * of async handlers will result in panic; exception: the list + * is already empty (potential trouble?). + * Consequently, threads should create and delete handlers + * themselves. I.e. a handler created by one should not be + * deleted by some other thread. + * *---------------------------------------------------------------------- */ @@ -284,31 +291,32 @@ Tcl_AsyncDelete(async) { ThreadSpecificData *tsdPtr = TCL_TSD_INIT(&dataKey); AsyncHandler *asyncPtr = (AsyncHandler *) async; - AsyncHandler *prevPtr; + AsyncHandler *prevPtr, *thisPtr; /* - * Conservatively check the existence of the linked list of - * registered handlers, as we may come at this point even - * when the TSD's for the current thread have been already - * garbage-collected. + * If we come to this point when TSD's for the current + * thread have already been garbage-collected, we are + * in the _serious_ trouble. OTOH, we tolerate calling + * with already cleaned-up handler list (should we?). */ Tcl_MutexLock(&tsdPtr->asyncMutex); - if (tsdPtr->firstHandler != NULL ) { - if (tsdPtr->firstHandler == asyncPtr) { + if (tsdPtr->firstHandler != NULL) { + prevPtr = thisPtr = tsdPtr->firstHandler; + while (thisPtr != NULL && thisPtr != asyncPtr) { + prevPtr = thisPtr; + thisPtr = thisPtr->nextPtr; + } + if (thisPtr == NULL) { + panic("Tcl_AsyncDelete: cannot find async handler"); + } + if (asyncPtr == tsdPtr->firstHandler) { tsdPtr->firstHandler = asyncPtr->nextPtr; - if (tsdPtr->firstHandler == NULL) { - tsdPtr->lastHandler = NULL; - } } else { - prevPtr = tsdPtr->firstHandler; - while (prevPtr->nextPtr != asyncPtr) { - prevPtr = prevPtr->nextPtr; - } prevPtr->nextPtr = asyncPtr->nextPtr; - if (tsdPtr->lastHandler == asyncPtr) { - tsdPtr->lastHandler = prevPtr; - } + } + if (asyncPtr == tsdPtr->lastHandler) { + tsdPtr->lastHandler = prevPtr; } } Tcl_MutexUnlock(&tsdPtr->asyncMutex); -- cgit v0.12