> On Thu, 18 Apr 2002, Sander Striker wrote:
>
> > Maybe asking the obvious here, but can't we solve this with a
> > simple reference counter? IOW last one destroys the mmap.
>
> We already have one. That's not the problem. The problem is this
> sequence of events:
>
> 1) create a brigade
> 2) create an mmap in the same pool as the brigade (or a subpool)
> 3) place the mmap in an mmap bucket
> 4) insert the mmap bucket into the brigade
> 5) clean up the brigade's pool
>
> at step 5, we'll crash, because the cleanup on the apr_mmap_t destroys it
> before the brigade cleanup runs (since cleanups are in LIFO order) and the
> brigade cleanup deletes the mmap bucket which wants to call
> apr_mmap_delete on an apr_mmap_t that was already destroyed.

Forgive me if this has been considered already (I haven't had time to keep up with the mmap issues), but why not create a variant of apr_mmap_dup() that allocates space for a new apr_mmap_t from the brigade's bucket_alloc? Then the brigade, rather than the pool, would control the lifetime of the dup'ed mmap.

--Brian
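
The cleanup ordering from the quoted steps, and the effect of letting the brigade alone control the mmap's lifetime as the reply suggests, shown as an added example that is not part of the original thread. It is a toy model, not APR code: `pool_t`, `mmap_t`, `brigade_t` and every function here are hypothetical stand-ins, and a delete of an already-destroyed mmap is counted instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
/* Toy model only: hypothetical stand-ins, not the APR types or API. */
typedef struct cleanup { void (*fn)(void *); void *data; struct cleanup *next; } cleanup_t;
typedef struct { cleanup_t *head; } pool_t;
typedef struct { int destroyed; int stale_deletes; } mmap_t;
typedef struct { mmap_t *mm; } brigade_t;   /* brigade -> bucket -> mmap, flattened */

/* Pushing at the head means the last cleanup registered runs first (LIFO). */
static void pool_cleanup_register(pool_t *p, void (*fn)(void *), void *data) {
    cleanup_t *c = malloc(sizeof *c);
    if (!c) abort();
    c->fn = fn; c->data = data; c->next = p->head; p->head = c;
}

static void pool_clear(pool_t *p) {
    while (p->head) {
        cleanup_t *c = p->head;
        p->head = c->next;
        c->fn(c->data);
        free(c);
    }
}

/* Counts a delete of an already-destroyed mmap instead of crashing. */
static void mmap_delete(void *v) {
    mmap_t *m = v;
    if (m->destroyed) m->stale_deletes++;
    m->destroyed = 1;
}

/* Brigade cleanup deletes its mmap bucket, which deletes the mmap. */
static void brigade_cleanup(void *v) { mmap_delete(((brigade_t *)v)->mm); }

/* pool_owned=1 replays steps 1-5; pool_owned=0 lets only the brigade own the mmap. */
int run_scenario(int pool_owned) {
    pool_t pool = {0};
    mmap_t mm = {0, 0};
    brigade_t bb = { &mm };                                  /* steps 3-4 */
    pool_cleanup_register(&pool, brigade_cleanup, &bb);      /* step 1 */
    if (pool_owned)
        pool_cleanup_register(&pool, mmap_delete, &mm);      /* step 2 */
    pool_clear(&pool);                                       /* step 5 */
    return mm.stale_deletes;
}

int main(void) {
    printf("pool-owned: %d stale, brigade-owned: %d stale\n", run_scenario(1), run_scenario(0));
    return 0;
}
```
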
