I found a problem this infinite loop case. If server is deleted, then ECORE_IPC_EVENT_SERVER_DEL callback function will be called in client side. It will happen infinite loop in ecore_ipc_shutdown if ecore_ipc_shutdown called in this ECORE_IPC_EVENT_SERVER_DEL callback function.
For example,
server_del_handler = ecore_event_handler_add(ECORE_IPC_EVENT_SERVER_DEL,
_server_del_cb, NULL);
static Eina_Bool
_server_del_cb(void *data, int type, void *event)
{
ecore_ipc_shutdown();
return EINA_TRUE;
}
If server is deleted,
1. _ecore_ipc_event_server_del : svr->event_count++
2. _server_del_cb : ecore_ipc_shutdown called
3. ecore_ipc_shutdown : while (servers)
ecore_ipc_server_del(eina_list_data_get(servers))
4. ecore_ipc_server_del : can't eina_list_remove(servers, svr) because
event_count != 0
5. infinite loop
I think this while code is very dangerous whether user miss or not.
I modified EINA_LIST_FOREACH_SAFE instead of EINA_LIST_FOREACH refer to
ecore_con.
Please review this patch.
Thanks.
------- Original Message -------
Sender : Carsten Haitzler<[email protected]>
Date : 2012-02-02 18:00 (GMT+09:00)
Title : Re: [E-devel] [Patch] ecore_ipc - remove potential risk in
ecore_ipc_shutdown
On Wed, 01 Feb 2012 03:06:01 +0000 (GMT) Jeong-Hyun Yun
<[email protected]> said:
> Dear All.
>
> I removed potential risk in ecore_ipc_shutdown.
>
> If servers can't eina_list removed in ecore_ipc_server_del(),
> for example, delete_me is true or event_count == 0 or etc.,
> then the while loop will be infinite.
>
> I modified EINA_LIST_FOREACH instead of while loop.
>
> Please review this patch.
this is dangerous. very. take a look at this line in ecore_ipc_server_del():
servers = eina_list_remove(servers, svr);
so what happens when as you walk a list.. you remove the exact item you are
walking... then you try use the list node ->next member.. that you just
freed? :)
this is not a fix. it's asking for segv's.
you issue is this:
if (svr->event_count == 0)
ie it wont remove until events have been spooled out from the server. this wont
happen until the mainloop goes and runs again, so you have a problem. what i'd
do is have a routine before u server_del that finds all events for that server
and deletes them. :) the problem is that there isn't a list of these per
server. all the events point back to this server so u basically have a
referencing issue. if a ref that wont be removed until mainlooop flushes the
events. you want to look over there.
--
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler) [email protected]
<p> </p><p> </p>
ecore_ipc.patch
Description: Binary data
------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________ enlightenment-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
