Date: Sun, 18 Nov 2007 19:59:29 +0300 From: "Ivan Shcheklein" <shcheklein@gmail.com> To: freebsd-bugs@freebsd.org Subject: Bug in semop() in multiprocess environment? Message-ID: <3034886f0711180859r1c9d8c17n82d2f89158197d9b@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi All,
It seems to me that there is a bug in the semop() code:
After wakeup we see the following:
/*
* The semaphore is still alive. Readjust the count of
* waiting processes.
*/
if (sopptr->sem_op == 0)
semptr->semzcnt--;
else
semptr->semncnt--;
It seems to me that "semptr" can be invalid after wakeup. For example,
semaphore's base can be changed after remove called on another previously
created semaphore.
I think semptr must be renewed after wakeup.
Ivan Shcheklein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3034886f0711180859r1c9d8c17n82d2f89158197d9b>