[haiku-commits] r35752 - haiku/trunk/src/system/kernel/slab

  • From: ingo_weinhold@xxxxxx
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Thu, 4 Mar 2010 02:55:37 +0100 (CET)

Author: bonefish
Date: 2010-03-04 02:55:37 +0100 (Thu, 04 Mar 2010)
New Revision: 35752
Changeset: http://dev.haiku-os.org/changeset/35752/haiku
Ticket: http://dev.haiku-os.org/ticket/5489
Ticket: http://dev.haiku-os.org/ticket/5497

Modified:
   haiku/trunk/src/system/kernel/slab/ObjectDepot.cpp
Log:
exchange_with_empty() did not set the freeMagazine return value to NULL when
the maximum magazine count wasn't reached yet. With object_depot_store() not
resetting its local variable, a magazine could thus be emptied and freed
twice. Fixes #5489 and #5497.


Modified: haiku/trunk/src/system/kernel/slab/ObjectDepot.cpp
===================================================================
--- haiku/trunk/src/system/kernel/slab/ObjectDepot.cpp  2010-03-03 23:45:41 UTC 
(rev 35751)
+++ haiku/trunk/src/system/kernel/slab/ObjectDepot.cpp  2010-03-04 01:55:37 UTC 
(rev 35752)
@@ -143,6 +143,7 @@
                if (depot->full_count < depot->max_count) {
                        _push(depot->full, magazine);
                        depot->full_count++;
+                       freeMagazine = NULL;
                } else
                        freeMagazine = magazine;
        }
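Review bot: freeMagazine is still assigned only inside this inner if/else, so any path that skips the enclosing block (the one closed by the `}` right after `freeMagazine = magazine;`) returns with whatever value the caller passed in. Assigning `freeMagazine = NULL;` once at the top of exchange_with_empty() would define the out-parameter on every return path instead of per branch. A one-line comment on the function stating that a non-NULL freeMagazine is handed back for the caller to empty and free would document the contract that the log message describes as having been violated.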
@@ -252,8 +253,6 @@
 void
 object_depot_store(object_depot* depot, void* object, uint32 flags)
 {
-       DepotMagazine* freeMagazine = NULL;
-
        ReadLocker readLocker(depot->outer_lock);
        InterruptsLocker interruptsLocker;
 
@@ -268,6 +267,7 @@
                if (store->loaded != NULL && store->loaded->Push(object))
                        return;
 
+               DepotMagazine* freeMagazine = NULL;
                if ((store->previous != NULL && store->previous->IsEmpty())
                        || exchange_with_empty(depot, store->previous, 
freeMagazine)) {
                        std::swap(store->loaded, store->previous);
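Review bot: the new `DepotMagazine* freeMagazine = NULL;` sits directly above a condition that short-circuits, so when `store->previous->IsEmpty()` is true exchange_with_empty() is never called and the local must already be NULL for the code that later consumes it. That dependency is correct here but easy to break in a later edit; a brief comment on the declaration saying it must be reset on each pass, because the callee is not always invoked, would make it explicit. Together with the change in exchange_with_empty() the reset is now done in two places, which is fine as defence in depth against the double free from the log message, but the comment should say which side owns the guarantee.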

