From 8405bc62c301d5feb5d6e77f6d377a55d91ab806 Mon Sep 17 00:00:00 2001 From: khizmax Date: Sun, 10 Jan 2016 14:15:45 +0300 Subject: [PATCH] Issue #50: fixed possible double-free case in flat combining algorithm --- cds/algo/flat_combining.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/cds/algo/flat_combining.h b/cds/algo/flat_combining.h index 15f27dcc..c033d6c0 100644 --- a/cds/algo/flat_combining.h +++ b/cds/algo/flat_combining.h @@ -338,7 +338,7 @@ namespace cds { namespace algo { publication_record * pRec = p; p = p->pNext.load( memory_model::memory_order_relaxed ); - if ( pRec->nState.load( memory_model::memory_order_relaxed ) == removed ) + if ( pRec->nState.load( memory_model::memory_order_acquire ) == removed ) free_publication_record( static_cast( pRec )); } } @@ -573,13 +573,12 @@ namespace cds { namespace algo { // Thread done // pRec that is TLS data should be excluded from publication list if ( pRec ) { - if ( pRec->pOwner && pRec->nState.load(memory_model::memory_order_relaxed) == active ) { - // record is active and kernel is alive - unsigned int nState = active; - pRec->nState.compare_exchange_strong( nState, removed, memory_model::memory_order_release, atomics::memory_order_relaxed ); + if ( pRec->pOwner ) { + // kernel is alive + pRec->nState.store( removed, memory_model::memory_order_release ); } else { - // record is not in publication list or kernel already deleted + // kernel already deleted free_publication_record( pRec ); } } -- 2.34.1