On 03/22/10 05:48 PM, Michael Hunter wrote:
> On Mon, 22 Mar 2010 16:56:21 -0400
> "Anurag S. Maskey"<Anurag.Maskey at Sun.COM> wrote:
>
>> CR 6935812 race in enm deactivate when switching NCPs
>>
>> http://zhadum.east/export/ws/am223141/checkout-area/onnv-bug-6935812/webrev/
>>
>> I've updated the Evaluation of the bug with the fix. It involves
>> releasing the object before calling nwamd_start_childv() and then grabbing
>> the object again and making sure that it hasn't been re-inited while the
>> script was running.
>>
>> Please provide comments.
>>
> Since you release the handle when you run the script I think something
> could come along and free it followed by it being reallocated. Given
> the way some allocators work 'x = malloc(N); free(x); y = malloc(N);'
> would often return the same number. It's the hottest memory of the right
> size. So your comparison of the pointers to see if the object is the
> same will be a false positive.
>

The order of the malloc()s and free()s is different. The new handle is read first, and then the old handle is released (in nwamd_enm_handle_init_event()), so it is technically a x = malloc(N), y = malloc(N), free(x), x = y.
Anurag
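
The two allocation orders discussed in this thread, as an added example that is not code from the thread or from nwamd: a constructed fixed-size pool with a LIFO free list stands in for an allocator that hands back the most recently freed block first. `struct obj`, `pool_alloc`, `pool_free`, `replace_object` and the generation counter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not nwamd code: a fixed pool with a LIFO free list,
 * so the most recently freed slot is handed out first. */
struct obj { uint64_t gen; struct obj *next_free; };

#define POOL_SLOTS 4
static struct obj pool[POOL_SLOTS], *free_list;
static uint64_t next_gen;

static void pool_reset(void) {
    free_list = NULL;
    next_gen = 0;
    for (int i = POOL_SLOTS - 1; i >= 0; i--) {
        pool[i].next_free = free_list;
        free_list = &pool[i];
    }
}

static struct obj *pool_alloc(void) {
    struct obj *o = free_list;
    if (o == NULL) return NULL;
    free_list = o->next_free;
    o->gen = ++next_gen;    /* each (re)initialisation gets a new generation */
    return o;
}

static void pool_free(struct obj *o) {
    o->next_free = free_list;
    free_list = o;
}

struct outcome { int same_addr; int same_gen; };

/* Replace an object and report whether the replacement matches the
 * original by address or by generation.
 * free_first = 1: free(x); y = alloc();   free_first = 0: y = alloc(); free(x); */
struct outcome replace_object(int free_first) {
    pool_reset();
    struct obj *x = pool_alloc();
    uintptr_t old_addr = (uintptr_t)x;   /* saved before any free */
    uint64_t old_gen = x->gen;
    if (free_first) pool_free(x);
    struct obj *y = pool_alloc();
    if (!free_first) pool_free(x);
    struct outcome r = { (uintptr_t)y == old_addr, y->gen == old_gen };
    return r;
}
```

In this model the address comparison only tells the two objects apart when the replacement is allocated while the original is still live; the generation comparison tells them apart in both orders.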
