ports/71005: bug in libsem

[Vivek Pandey]

>Number:         71005
>Category:       ports
>Synopsis:       bug in libsem
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 26 21:10:20 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Vivek Pandey
>Release:        Any
>Organization:
Hughes Systems
>Environment:
Not reqd
>Description:
There is a bug in libsem:uthread_sem.c. In function sem_destroy, there will be a problem is someone takes the lock and before it returns, the mutex is destroyed. I have modified the code. The patch file is attched. the idea is to change the magic number before releasing the lock and then destroying it. So that even if somebody comes in between, there wont be any problem
>How-To-Repeat:
      
>Fix:
*** uthread_sem.c	Thu Aug 26 16:50:20 2004
--- uthread_sem1.c	Thu Aug 26 17:01:48 2004
***************
*** 113,123 ****
  		retval = -1;
  		goto RETURN;
  	}
  	pthread_mutex_unlock(&(*sem)->lock);
  
  	pthread_mutex_destroy(&(*sem)->lock);
- 	pthread_cond_destroy(&(*sem)->gtzero);
- 	(*sem)->magic = 0;
  
  	free(*sem);
  
--- 113,123 ----
  		retval = -1;
  		goto RETURN;
  	}
+ 	pthread_cond_destroy(&(*sem)->gtzero);
+ 	(*sem)->magic[0] &= (unsigned char)(~SEM_MAGIC);
  	pthread_mutex_unlock(&(*sem)->lock);
  
  	pthread_mutex_destroy(&(*sem)->lock);
  
  	free(*sem);
>Release-Note:
>Audit-Trail:
>Unformatted: