From looking at the code, it appears that a thread's sys_thread_t
structure can go away from underneath a thread that is trying
to operate on it.
An example scenario is this:
Thread.interrupt() {
    sysThreadInterrupt(SYSTHREAD(tid));   /* handle -> sys_thread_t, looked up without the lock */
}

sysThreadInterrupt(sys_thread_t *tid) {
    SCHED_LOCK();
    tid->interrupted = 1;                 /* tid may already have exited by now */
    if (tid->state == CONDVAR_WAIT) {
        ....
    }
}
Between the time SYSTHREAD(tid) is called and the SCHED_LOCK()
is grabbed, the tid can exit. This means that the code in
sysThreadInterrupt() will be using an invalid sys_thread_t.
The main problem is that we don't check to see that the sys_thread_t
is still alive after the SCHED_LOCK() is held.
stuart.ritchie@Eng 1996-10-17
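The race described in the report, as an added C model that is not JDK source: the names sys_thread_t, SYSTHREAD, SCHED_LOCK, sysThreadInterrupt and CONDVAR_WAIT are taken from the report, while the slot table, the numeric thread handles, the single-threaded lock stand-in and the `between` hook that exits the target thread in the window between lookup and lock are assumptions of the model. The racy version resolves the handle before taking the lock, exactly as in the report, so after the target exits and its slot is recycled it marks an unrelated thread as interrupted; the safe version resolves and validates the record only after SCHED_LOCK(), which is the check the report says is missing.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>

/* Added model, not JDK code.  Names mirror the bug report; the slot table,
 * handle scheme and "exit in the window" hook are assumptions of this example. */

enum { THREAD_DEAD = 0, THREAD_RUNNABLE = 1, CONDVAR_WAIT = 2 };

typedef struct sys_thread {
    int state;        /* THREAD_DEAD once the thread has exited */
    int interrupted;
    unsigned id;      /* Java-level handle; 0 means the slot is free */
} sys_thread_t;

#define NSLOTS 4
static sys_thread_t slots[NSLOTS];   /* exited threads' slots are reused by new threads */
static unsigned next_id = 1;

/* Single-threaded stand-in for the scheduler lock: the point is what gets
 * checked while it is held, not the locking primitive itself. */
static int sched_lock_held;
#define SCHED_LOCK()   do { assert(!sched_lock_held); sched_lock_held = 1; } while (0)
#define SCHED_UNLOCK() do { assert(sched_lock_held);  sched_lock_held = 0; } while (0)

static unsigned thread_create(int state) {
    for (int i = 0; i < NSLOTS; i++) {
        if (slots[i].state == THREAD_DEAD) {
            memset(&slots[i], 0, sizeof slots[i]);
            slots[i].state = state;
            slots[i].id = next_id++;
            return slots[i].id;
        }
    }
    return 0;
}

/* Thread exit: under the lock the record is torn down and the slot freed. */
static void thread_exit(unsigned id) {
    SCHED_LOCK();
    for (int i = 0; i < NSLOTS; i++)
        if (slots[i].id == id) { memset(&slots[i], 0, sizeof slots[i]); break; }
    SCHED_UNLOCK();
}

/* SYSTHREAD(tid): handle -> record.  Only trustworthy while the lock is held. */
static sys_thread_t *SYSTHREAD(unsigned id) {
    for (int i = 0; i < NSLOTS; i++)
        if (slots[i].id == id) return &slots[i];
    return NULL;
}

/* The pattern from the report: resolve first, lock second.  `between` stands
 * for whatever the target thread does in that window (here: it exits). */
static int sysThreadInterrupt_racy(unsigned id, void (*between)(void)) {
    sys_thread_t *tid = SYSTHREAD(id);
    if (between) between();
    SCHED_LOCK();
    if (tid) {
        tid->interrupted = 1;                 /* may hit a dead or recycled slot */
        if (tid->state == CONDVAR_WAIT) { /* wake it up */ }
    }
    SCHED_UNLOCK();
    return tid ? 0 : -1;
}

/* The fix the report asks for: look the record up and check it is still
 * alive only after SCHED_LOCK() is held. */
static int sysThreadInterrupt_safe(unsigned id, void (*between)(void)) {
    if (between) between();
    SCHED_LOCK();
    sys_thread_t *tid = SYSTHREAD(id);
    int rc = -1;
    if (tid && tid->state != THREAD_DEAD) {
        tid->interrupted = 1;
        if (tid->state == CONDVAR_WAIT) { /* wake it up */ }
        rc = 0;
    }
    SCHED_UNLOCK();
    return rc;
}

/* Constructed scenario: the target exits and a new thread takes its slot. */
static unsigned victim_id, newcomer_id;
static void exit_and_recycle(void) {
    thread_exit(victim_id);
    newcomer_id = thread_create(THREAD_RUNNABLE);
}

/* Returns 1 if the racy path interrupted the unrelated newcomer. */
static int demo_racy_interrupts_wrong_thread(void) {
    memset(slots, 0, sizeof slots); next_id = 1;
    victim_id = thread_create(CONDVAR_WAIT);
    sysThreadInterrupt_racy(victim_id, exit_and_recycle);
    sys_thread_t *t = SYSTHREAD(newcomer_id);
    return t && t->interrupted;
}

/* Returns 1 if the safe path refused the dead handle and left the newcomer alone. */
static int demo_safe_refuses_dead_thread(void) {
    memset(slots, 0, sizeof slots); next_id = 1;
    victim_id = thread_create(CONDVAR_WAIT);
    int rc = sysThreadInterrupt_safe(victim_id, exit_and_recycle);
    sys_thread_t *t = SYSTHREAD(newcomer_id);
    return rc == -1 && t && !t->interrupted;
}

int main(void) {
    printf("racy path interrupts wrong thread: %d\n", demo_racy_interrupts_wrong_thread());
    printf("safe path rejects exited thread:   %d\n", demo_safe_refuses_dead_thread());
    return 0;
}
```

The model uses slot reuse rather than free() so the racy outcome is observable instead of undefined behaviour; in the real VM the same window ends in a write through a dangling sys_thread_t pointer, which is a use-after-free.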
Duplicates: JDK-1247713 Need more synchronization around check+use of tid->PrivateInfo
Status: Closed