From 0668f5916e4032e5eeec8bf0a0d43d5a4428b921 Mon Sep 17 00:00:00 2001 From: dan Date: Tue, 20 Jul 2010 18:59:00 +0000 Subject: [PATCH] Fix a race condition in os_unix.c that may occur when one thread is opening a connection to a shared-memory block and another is either closing or locking the same shared-memory. FossilOrigin-Name: 3b7330c19a5327322068e9460018fe0152b8ac87 --- manifest | 24 +++++++----------------- manifest.uuid | 2 +- src/os_unix.c | 14 ++++++++++++-- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/manifest b/manifest index 1e1fe7b67d..1a2cc11665 100644 --- a/manifest +++ b/manifest @@ -1,8 +1,5 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -C Update\sthe\sCLI\stest\sscripts\sfor\sversion\s3.7.0. -D 2010-07-19T15:01:44 +C Fix\sa\srace\scondition\sin\sos_unix.c\sthat\smay\soccur\swhen\sone\sthread\sis\sopening\sa\sconnection\sto\sa\sshared-memory\sblock\sand\sanother\sis\seither\sclosing\sor\slocking\sthe\ssame\sshared-memory. +D 2010-07-20T18:59:01 F Makefile.arm-wince-mingw32ce-gcc fcd5e9cd67fe88836360bb4f9ef4cb7f8e2fb5a0 F Makefile.in ec08dc838fd8110fe24c92e5130bcd91cbb1ff2e F Makefile.linux-gcc d53183f4aa6a9192d249731c90dbdffbd2c68654 @@ -157,7 +154,7 @@ F src/os.c 60178f518c4d6c0dcb59f7292232281d7bea2dcf F src/os.h 9dbed8c2b9c1f2f2ebabc09e49829d4777c26bf9 F src/os_common.h a8f95b81eca8a1ab8593d23e94f8a35f35d4078f F src/os_os2.c 665876d5eec7585226b0a1cf5e18098de2b2da19 -F src/os_unix.c fa606537ade76f9779cc7ded8c8c4152ba689f3b +F src/os_unix.c 3109e0e5a0d5551bab2e8c7322b20a3b8b171248 F src/os_win.c 61734aad7f50b28f3c76eb4b19b63472f6d825d9 F src/pager.c 78ca1e1f3315c8227431c403c04d791dccf242fb F src/pager.h 879fdde5a102d2f21a3135d6f647530b21c2796c @@ -840,14 +837,7 @@ F tool/speedtest2.tcl ee2149167303ba8e95af97873c575c3e0fab58ff F tool/speedtest8.c 2902c46588c40b55661e471d7a86e4dd71a18224 F tool/speedtest8inst1.c 293327bc76823f473684d589a8160bde1f52c14e F tool/vdbe-compress.tcl d70ea6d8a19e3571d7ab8c9b75cba86d1173ff0f -P aec9e13148671e612d4ba674e74c12116573434f -R cc8a71cdcf1f8ddbafe80ed67cc43d58 -U drh -Z 4cb5643fb058da6ca551bc0da326fdfd ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.6 (GNU/Linux) - -iD8DBQFMRGjboxKgR168RlERAjz5AJ9vtWT7YvMAfDDiWvrc/eor0uoVfACfZnl8 -HqGlRJTpkbCo6mnxRXzKGvI= -=4g2f ------END PGP SIGNATURE----- +P 92fe70dadde2eb551518d69ac2eaa6a0151d7dfe +R df2a0b1fc90f9ee6b661361189db8cc8 +U dan +Z 8ff12974b6f85e5f132c185f1bb718f5 diff --git a/manifest.uuid b/manifest.uuid index 1377b9de5c..f379484903 100644 --- a/manifest.uuid +++ b/manifest.uuid @@ -1 +1 @@ -92fe70dadde2eb551518d69ac2eaa6a0151d7dfe \ No newline at end of file +3b7330c19a5327322068e9460018fe0152b8ac87 \ No newline at end of file diff --git a/src/os_unix.c b/src/os_unix.c index 43487404b2..9457516cac 100644 --- a/src/os_unix.c +++ b/src/os_unix.c @@ -3387,14 +3387,24 @@ static int unixOpenSharedMemory(unixFile *pDbFd){ /* Make the new connection a child of the unixShmNode */ p->pShmNode = pShmNode; - p->pNext = pShmNode->pFirst; #ifdef SQLITE_DEBUG p->id = pShmNode->nextShmId++; #endif - pShmNode->pFirst = p; pShmNode->nRef++; pDbFd->pShm = p; unixLeaveMutex(); + + /* The reference count on pShmNode has already been incremented under + ** the cover of the unixEnterMutex() mutex and the pointer from the + ** new (struct unixShm) object to the pShmNode has been set. All that is + ** left to do is to link the new object into the linked list starting + ** at pShmNode->pFirst. This must be done while holding the pShmNode->mutex + ** mutex. + */ + sqlite3_mutex_enter(pShmNode->mutex); + p->pNext = pShmNode->pFirst; + pShmNode->pFirst = p; + sqlite3_mutex_leave(pShmNode->mutex); return SQLITE_OK; /* Jump here on any error */