fix sem_close unmapping of still-referenced semaphore

sem_open is required to return the same sem_t pointer for all
references to the same named semaphore when it's opened more than once
in the same process. thus we keep a table of all the mapped semaphores
and their reference counts. the code path for sem_close checked the
reference count, but then proceeded to unmap the semaphore regardless
of whether the count had reached zero.

add an immediate unlock-and-return for the nonzero refcnt case so the
property of performing the munmap syscall after releasing the lock can
be preserved.
This commit is contained in:
Rich Felker 2020-10-28 16:13:45 -04:00
parent 613ccabeb0
commit f70375df85

View File

@ -163,10 +163,12 @@ int sem_close(sem_t *sem)
int i;
LOCK(lock);
for (i=0; i<SEM_NSEMS_MAX && semtab[i].sem != sem; i++);
if (!--semtab[i].refcnt) {
semtab[i].sem = 0;
semtab[i].ino = 0;
if (--semtab[i].refcnt) {
UNLOCK(lock);
return 0;
}
semtab[i].sem = 0;
semtab[i].ino = 0;
UNLOCK(lock);
munmap(sem, sizeof *sem);
return 0;