This is the mail archive of the
mailing list for the Cygwin project.
Re: tty_list::terminate() tty_master NULL pointer deference
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 14 Dec 2004 18:24:33 +0100
- Subject: Re: tty_list::terminate() tty_master NULL pointer deference
- References: <200412140556.iBE5uxBe029829@main.electric-cloud.com>
- Reply-to: cygwin at cygwin dot com
On Dec 13 21:54, Conrad W Song wrote:
> There is a race/bug between 'tty_list::allocate_tty()' and
> 'tty_list::terminate()'. The culprits appear to be:
> 1) 'tty_list::terminate' does not hold the 'tty_mutex' before freeing a tty
> 2) 'tty::init()' does not clear 'master_pid' field as called by
> The result is that 'allocate_tty()' can enter quickly reusing the same PID
> as the process which used to own the master tty (for some reason Windows
> decides to recycle PIDs very quickly). The process thinks that it is
> holding the master tty (even though the _prior_ process was terminated --
> same PID but different process), and 'tty_master' remains NULL. Upon
> 'tty_list::terminate', 'tty_master' is then NULL dereferenced.
> I have tried fixing 'tty::init()' to zero out the 'master_pid' field, and it
> appears to solve the problem (have not checked it for other bad behavior),
> as does the workaround of using 'CYGWIN=notty'. However, I do not believe
> that the back-to-back PID reuse is timing sensitive, so I am surprised that
> strace could not pick up the problem. I therefore suspect a flaw in my
> analysis and am still suspicious about the need for 'tty_mutex' locking in
> 'tty_list::terminate'. I will try to provide a reproducing test case soon.
Thanks for your analysis! I've applied a matching patch.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader mailto:email@example.com
Red Hat, Inc.
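
The sequence described in the report, replayed in a simplified single-process model. This is an added example, not Cygwin source and not part of the original thread. Only the field names `master_pid` and `tty_master` come from the report; the structs, function names and the PID value are assumptions made for illustration.

```cpp
// Simplified model of the stale-owner bug from the report; not Cygwin source.
#include <cstdio>

struct Master { bool open = true; };   // hypothetical per-process master object

struct TtySlot {                       // hypothetical shared tty table entry
    bool in_use = false;
    int master_pid = 0;                // PID recorded as owner of the master side
};

struct Process {
    int pid;
    Master *tty_master;                // non-NULL only in the process that created the master
};

// Slot reuse as the report describes it: master_pid survives from the old owner.
void init_stale(TtySlot &s) { s.in_use = true; }
// Slot reuse with the reported fix: the owner field is cleared.
void init_cleared(TtySlot &s) { s.in_use = true; s.master_pid = 0; }

// Exit path: true means "slot says I am the master, but I hold no master object",
// which is the state in which the reported NULL dereference happens.
bool exit_hits_null_master(const Process &p, const TtySlot &s) {
    bool thinks_it_is_master = s.in_use && s.master_pid == p.pid;
    return thinks_it_is_master && p.tty_master == nullptr;
}

// Replays the sequence: owner dies, same PID is handed out again, slot is reused.
bool replay(void (*init)(TtySlot &)) {
    TtySlot slot;
    Master m;
    Process first{1234, &m};           // constructed PID
    init(slot);
    slot.master_pid = first.pid;       // first process becomes master
    slot.in_use = false;               // first process is gone; slot is freed
    Process second{1234, nullptr};     // new process, recycled PID, never a master
    init(slot);                        // allocation reuses the same slot
    return exit_hits_null_master(second, slot);
}

int main() {
    std::printf("stale master_pid:   null master on exit = %d\n", replay(init_stale));
    std::printf("cleared master_pid: null master on exit = %d\n", replay(init_cleared));
    return 0;
}
```

Identity checks that rely on a PID alone are exposed to this whenever the OS recycles PIDs; clearing the owner field on reuse removes the stale match.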