![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 15 years ago
Closed 15 years ago
#913 closed defect (fixed)
Concurrency problem in select ioqueue may corrupt descriptor set
| Reported by: | bennylp | Owned by: | bennylp |
|---|---|---|---|
| Priority: | major | Milestone: | release-1.4 |
| Component: | pjlib | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: |
Description (last modified by bennylp)
If one thread is unregistering the socket while another is issuing pending operation such as recv or send, this may corrupt the descriptor set in the ioqueue, causing subsequent select() inside pj_ioqueue_poll() to return error.
Detailed scenario:
- thread A issues pj_ioqueue_recv(), and midway it is interrupted by thread B
- thread B issues pj_ioqueue_unregister(sock) which closes the socket.
- thread A resumes execution, ultimately gaining the key's mutex. But it does not check if the key has been unregistered. It adds the socket handle (which has been closed by thread B) to the read descriptor set.
- subsequent select() will return -1 since it contains invalid handle
This will cause the ioqueue to stop receiving events.
Change History (2)
comment:1 Changed 15 years ago by bennylp
- Description modified (diff)
- Priority changed from normal to major
- Summary changed from Concurrency problem in ioqueue to Concurrency problem in select ioqueue may corrupt descriptor set
comment:2 Changed 15 years ago by bennylp
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
In r2826: