Subject: Re: [Boost-bugs] [Boost C++ Libraries] #11097: test_scheduled_tp - ThreadSanitizer: heap-use-after-free
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2016-09-03 18:40:56
#11097: test_scheduled_tp - ThreadSanitizer: heap-use-after-free
-------------------------------+----------------------
Reporter: viboes | Owner: viboes
Type: Bugs | Status: assigned
Milestone: To Be Determined | Component: thread
Version: Boost 1.57.0 | Severity: Problem
Resolution: | Keywords:
-------------------------------+----------------------
Comment (by viboes):
I believe that I've found where the problem is. The call to
super::data_.top().time
{{{
super::not_empty_.wait_until(lk, super::data_.top().time);
}}}
passes the time by reference while we need to copy it, as the storage can be
re-arranged.
{{{
template <class T, class Clock>
bool sync_timed_queue<T,
Clock>::wait_until_not_empty_time_reached_or_closed(unique_lock<mutex>&
lk)
{
for (;;)
{
if (super::closed(lk)) return true;
while (! super::empty(lk)) {
if (! time_not_reached(lk)) return false;
- super::not_empty_.wait_until(lk, super::data_.top().time);
+ time_point tp = super::data_.top().time;
+ super::not_empty_.wait_until(lk, tp);
if (super::closed(lk)) return true;
}
if (super::closed(lk)) return true;
super::not_empty_.wait(lk);
}
//return false;
}
}}}
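Review bot: the new local in `time_point tp = super::data_.top().time;` has no comment saying why the copy exists, so a later cleanup could fold it back into the `wait_until` call and restore the reference into `super::data_`. Suggest a one-line comment above it stating that the deadline is copied while `lk` is held because the storage can be re-arranged during the wait, and declaring it `const time_point tp`. The commented-out `//return false;` after the `for (;;)` loop is dead and could be dropped in the same change.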
See this commit
https://github.com/boostorg/thread/commit/c52a34c2cf1b2e9807a70065c03b0555895963df
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/11097#comment:10> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
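The aliasing described in the comment above, as an added example that is not code from the ticket or from Boost.Thread: `Entry`, `Later`, `Heap` and `demo` are hypothetical names, and a `std::vector`-backed heap is assumed. It is single-threaded; the second `push` stands in for a producer that runs while the waiter has released the lock.

```cpp
#include <algorithm>
#include <chrono>
#include <vector>

using time_point = std::chrono::steady_clock::time_point;

struct Entry { time_point time; int id; };

// Orders the heap so the earliest deadline sits at front().
struct Later {
    bool operator()(const Entry& a, const Entry& b) const { return a.time > b.time; }
};

// Hypothetical stand-in for the queue's underlying storage (assumed vector-backed).
struct Heap {
    std::vector<Entry> data;
    const Entry& top() const { return data.front(); }
    void push(const Entry& e) {
        data.push_back(e);
        std::push_heap(data.begin(), data.end(), Later());
    }
};

struct Result { bool ref_changed; bool copy_stable; };

Result demo() {
    const time_point late = time_point() + std::chrono::seconds(10);  // constructed values
    const time_point early = time_point() + std::chrono::seconds(2);
    Heap h;
    // Reserve so the push below cannot reallocate: the reference stays valid and
    // this demo has defined behaviour. Without it the reference could dangle.
    h.data.reserve(8);
    h.push(Entry{late, 1});

    const time_point& by_ref = h.top().time;  // what the pre-fix call passed to wait_until
    const time_point by_copy = h.top().time;  // what the fixed code passes

    // Stands in for a producer pushing while the waiter has released the lock.
    h.push(Entry{early, 2});

    Result r;
    r.ref_changed = (by_ref == early);  // the "deadline" now reads the new top
    r.copy_stable = (by_copy == late);  // the copy still holds the original deadline
    return r;
}

int main() {
    const Result r = demo();
    return (r.ref_changed && r.copy_stable) ? 0 : 1;
}
```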