Re: svn commit: r1665888 - /tomcat/native/branches/1.1.x/native/src/poll.c

Tue, 17 Mar 2015 03:29:13 -0700 

On 16/03/2015 21:40, Konstantin Kolinko wrote:
> 2015-03-11 17:44 GMT+03:00  <ma...@apache.org>:
>> Author: markt
>> Date: Wed Mar 11 14:44:23 2015
>> New Revision: 1665888
>>
>> URL: http://svn.apache.org/r1665888
>> Log:
>> Fix 57653. Crash when multiple events for same socket are returned via 
>> separate apr_pollfd_t structures
>>
>> Modified:
>>     tomcat/native/branches/1.1.x/native/src/poll.c
>>
>> Modified: tomcat/native/branches/1.1.x/native/src/poll.c
>> URL: 
>> http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/poll.c?rev=1665888&r1=1665887&r2=1665888&view=diff
>> ==============================================================================
>> --- tomcat/native/branches/1.1.x/native/src/poll.c (original)
>> +++ tomcat/native/branches/1.1.x/native/src/poll.c Wed Mar 11 14:44:23 2015
>> @@ -360,7 +360,13 @@ TCN_IMPLEMENT_CALL(jint, Poll, poll)(TCN
>>              tcn_socket_t *s = (tcn_socket_t *)fd->client_data;
>>              p->set[i*2+0] = (jlong)(fd->rtnevents);
>>              p->set[i*2+1] = P2J(s);
>> -            if (remove) {
>> +            /* If a socket is registered for multiple events and the poller 
>> has
>> +               multiple events to return it may do as a single pair in this
>> +               array or as multiple pairs depending on implementation. On 
>> OSX at
>> +               least, multiple pairs have been observed. In this case do 
>> not try
>> +               and remove socket from the pollset for a second time else a 
>> crash
>> +               will result. */
>> +            if (remove && s->pe) {
>>                  apr_pollset_remove(p->pollset, fd);
>>                  APR_RING_REMOVE(s->pe, link);
>>                  APR_RING_INSERT_TAIL(&p->dead_ring, s->pe, tcn_pfde_t, 
>> link);
> 
> There shall be a separate nested "if (s->pe)" block instead of
> combined condition.  This "if" is followed by an "else" branch, which
> is now executed in an unexpected way.
> 
> Lines 357-356 before the changed code:
>         if (!remove)
>             now = apr_time_now();
> 
> Line 379-385 the "else" branch:
>             else {
>                 /* Update last active with the current time
>                  * after the poll call.
>                  */
>                 s->last_active = now;
>             }
> 
> Note how "now" is uninitialized when "remove" flag is false.

Thanks. Fixed.

> Also, there is a question of porting this fix to Native trunk.

I'll take a look.

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to