The root cause *may* be that the hash is destroyed by int_thread_del_item while (say) int_thread_get has a copy of the pointer. The locking does not seem to cover the gap between loading the pointer (int_thread_hash) and then using it. Rather the lock is taken out, the pointer loaded, the lock released. The lock is then re-acquired and then the pointer is used. This seems wrong.
My simple-minded proposal to fix the problem is to delete the code in int_thread_del_item that deletes the hash when it becomes empty. Yes, this will result in some memory being reserved and not freed...
I also suspect that the same problem could arise with int_error_hash -- that pointer is returned by int_err_get() when no lock is being held.
Advice?
Philip
-- Philip Gladstone 978-ZEN-TOAD (978-936-8623) Cisco Systems, Inc Boxboro, MA
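Added illustration, not part of the message above and not OpenSSL code: one way to close the load-then-use gap without leaking the table is to pin the pointer in the same critical section that loads it, and to defer the destroy until the last pin is dropped. The names `table_t`, `table_acquire`, `table_release`, `table_adjust` and `replay` are hypothetical, and the interleaving is replayed step by step on one thread so the outcome is deterministic.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical stand-in for the shared hash; not OpenSSL's data structures. */
typedef struct { int items; } table_t;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static table_t *table;  /* shared pointer, guarded by lock */
static int pins;        /* readers that loaded table and have not released it */
static int frees;       /* destroy counter, only so the replay can observe it */

/* Load the pointer and pin it inside ONE critical section. */
static table_t *table_acquire(void) {
    pthread_mutex_lock(&lock);
    if (table == NULL) table = calloc(1, sizeof *table);
    if (table != NULL) pins++;
    table_t *t = table;
    pthread_mutex_unlock(&lock);
    return t;
}
/* Caller holds lock. Destroy only when the table is empty AND unpinned. */
static void reap_locked(void) {
    if (table != NULL && table->items == 0 && pins == 0) {
        free(table); table = NULL; frees++;
    }
}
/* Drop the pin; runs the destroy that a concurrent delete had to defer. */
static void table_release(void) {
    pthread_mutex_lock(&lock);
    pins--;
    reap_locked();
    pthread_mutex_unlock(&lock);
}
/* Add (+1) or delete (-1) one item; a delete may leave the table empty. */
static void table_adjust(int delta) {
    pthread_mutex_lock(&lock);
    if (table != NULL && table->items + delta >= 0) table->items += delta;
    reap_locked();
    pthread_mutex_unlock(&lock);
}
/* Replays the interleaving from the message on one thread, step by step. */
static int replay(void) {
    table_t *t = table_acquire();  /* reader: pointer loaded, lock dropped */
    if (t == NULL) return 0;
    table_adjust(+1);              /* table now holds one item */
    table_adjust(-1);              /* "other thread" deletes the last item */
    int live = (frees == 0 && t->items == 0);  /* pinned: t is still valid */
    table_release();               /* reader done: deferred destroy runs */
    return live && frees == 1 && table == NULL;
}

int main(void) { return replay() ? 0 : 1; }
```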
