From 265f265c677bc5399dbb1cfa449cb4b915a6459f Mon Sep 17 00:00:00 2001
From: Mark Janossy
Date: Fri, 9 Mar 2012 09:54:23 -0500
Subject: [PATCH] deprecated threads: fix race in GStaticRecMutex

The very last access to the 'depth' field of GStaticRecMutex in g_static_rec_mutex_unlock_full() was being performed after dropping the implementation mutex for the last time. This allowed the lock to be dropped an additional time if it was acquired in another thread right at that instant (which is somewhat likely, since another thread could have just been woken up by the lock being released).

https://bugzilla.gnome.org/show_bug.cgi?id=670846
---
 glib/deprecated/gthread-deprecated.c | 13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/glib/deprecated/gthread-deprecated.c b/glib/deprecated/gthread-deprecated.c
index 13cd188..a3cba18 100644
--- a/glib/deprecated/gthread-deprecated.c
+++ b/glib/deprecated/gthread-deprecated.c
@@ -807,14 +807,17 @@ g_static_rec_mutex_unlock_full (GStaticRecMutex *mutex)
 {
 GRecMutex *rm;
 gint depth;
+ gint i;
 rm = g_static_rec_mutex_get_rec_mutex_impl (mutex);
+
+ /* all access to mutex->depth done while still holding the lock */
 depth = mutex->depth;
- while (mutex->depth)
- {
- mutex->depth--;
- g_rec_mutex_unlock (rm);
- }
+ i = mutex->depth;
+ mutex->depth = 0;
+
+ while (i--)
+ g_rec_mutex_unlock (rm);
 return depth;
 }
--
1.7.9.1
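Review bot: The loop `while (i--)` stops promptly only when the saved depth is non-negative; `depth` and `i` are both `gint`, so a negative value (which would mean misuse or corruption, nothing in this hunk shows it happening) would keep calling g_rec_mutex_unlock() until `i` wraps. Since the field has already been copied into `depth`, the second read of `mutex->depth` is unnecessary: `i = depth;` followed by `while (i-- > 0)` gives a single read and a bounded loop. The added comment would serve the next maintainer better if it stated the reason, for example `/* after the final g_rec_mutex_unlock() another thread may own the mutex and write depth, so depth must not be touched in or after the loop */`. The function's return type and header are outside the hunk, and nothing visible here checks that the caller actually holds the lock, which the comment takes for granted.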