Henry Ping wrote:
> Looks good.
Thanks, now checked into HEAD.
--greg.
>
> -->Henry
>
>> -----Original Message-----
>> From: filesystem-dev-bounces helixcommunity.org
>> [mailto:filesystem-dev-bounceshelixcommunity.org] On Behalf
>> Of Greg Wright
>> Sent: Friday, March 30, 2007 3:14 PM Ping
>> To: filesystem-devhelixcommunity.org
>> Subject: [Filesystem-dev] CR: Fix crash in
httpfsys.
>>
>> Project
>> =======
>>
>> Synopsis
>> ========
>> If you try to stream a SMIL file over HTTP it will
crash.
>> Dies trying lock a mutex that is NULL.
>>
>> Fix
>> ===
>> What happens with this is that the stack gets
pretty deep, I
>> guess due to the multiple sources in the SMIL file,
and when
>> the stack is unwinding Close() is called and that
mutex is released.
>> Then, when it returns to the next stack frame it
tries to
>> lock that same mutex and dies.
>>
>> The fix is to simply not destroy that mutex until
the
>> destructor is called.
>>
>> All the rest of the diffs are just changes to use
HX_LOCK and
>> HX_UNLOCK.
>>
>>
>> Files Modified
>> ==============
>> filesystem/http/httpfsys.cpp
>>
>> Branch(s)
>> =========
>> HEAD only, 150Cay does not have the problem.
>>
>> --greg.
>>
>>
>> Index: httpfsys.cpp
>>
============================================================
=======
>> RCS file: /cvsroot/filesystem/http/httpfsys.cpp,v
>> retrieving revision 1.103
>> diff -u -w -r1.103 httpfsys.cpp
>> --- httpfsys.cpp 19 Sep 2006 21:10:07 -0000 1.103
>> +++ httpfsys.cpp 30 Mar 2007 21:49:31 -0000
>> -262,6 +262,7
>>
>> CChunkyResMap::~CChunkyResMap()
>> {
>> +
>> delete m_pChunkyResURLMap;
>> }
>>
>> -1153,6 +1154,7
>> m_pContext->AddRef();
>>
>> CreateInstanceCCF(CLSID_IHXMutex,
(void**)&m_pMutex,
>> m_pContext);
>> + HX_ASSERT( m_pMutex );
>>
>>
m_pContext->QueryInterface(IID_IHXScheduler,
>> (void**) &m_pScheduler);
>>
>>
m_pContext->QueryInterface(IID_IHXCommonClassFactory,
(void
>> **)&m_pCommonClassFactory); -1182,9
+1184,8
>> //
>> // get proxy info for HTTP protocol
>> //
>> -
>> - IHXBuffer* pBuffer = NULL;
>> UINT32 ulValue = 0;
>> + IHXBuffer* pBuffer = NULL;
>>
>> if (m_pPreferences)
>> {
>> -1299,8 +1300,8
>> }
>>
>> m_bInDestructor = TRUE;
>> -
>> Close();
>> + HX_RELEASE(m_pMutex);
>> }
>>
>>
>>
/***********************************************************
**
>> ***********
>> -1318,7 +1319,7
>> IHXFileResponse* /*IN*/ pFileResponse
>> )
>> {
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>>
>> HXLOGL1(HXLOG_HTTP, "Init");
>>
>> -1387,13 +1388,13
>> _SetCurrentReadPos(0);
>>
m_bServerPresumablyWorksWithByteRangeRequests = TRUE;
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->InitDone(HXR_OK);
>> return HXR_OK;
>> }
>> else
>> {
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->InitDone(HXR_FAILED);
>> return HXR_FAILED;
>> }
>> -1420,7 +1421,7
>>
m_pFileResponse->InitDone(HXR_FAILED);
>> }
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> return theErr;
>> }
>>
>> -1600,7 +1601,6
>> m_bClosed = TRUE;
>>
>> HX_UNLOCK(m_pMutex);
>> - HX_RELEASE(m_pMutex);
>>
>> if (m_bInDestructor)
>> {
>> -1687,11 +1687,11
>> {
>> HXLOGL1(HXLOG_HTTP, "Read (%d)
cancelled! Seek is
>> pending!", ulCount);
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
>> CallReadDone(HXR_SEEK_PENDING ,NULL);
>>
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>>
>> return HXR_UNEXPECTED;
>> }
>> -1750,9 +1750,9
>> }
>> }
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> lResult = ProcessPendingReads();
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>>
>> return lResult;
>> }
>> -1813,9 +1813,9
>> while (m_PendingReadList.GetCount())
>> {
>> m_PendingReadList.RemoveHead();
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->ReadDone(HXR_CANCELLED, NULL);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>>
>> if (bRelative)
>> -1834,9 +1834,9
>>
m_bSeekPending?"Seek":"",
m_bReadPending?"Read":"");
>>
>> m_bSeekPending = FALSE;
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_CANCELLED);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>>
>> if (_GetContiguousLength() > 0)
>> -1856,18 +1856,18
>> {
>> HXLOGL4(HXLOG_HTTP, "Seek:
no reconnect
>> necessary, has data already");
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> }
>> else
>> {
>> HXLOGL4(HXLOG_HTTP, "Seek: no
byte range
>> support, will wait for data if necessary");
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> }
>> else
>> -1879,17 +1879,17
>> {
>> HXLOGL2(HXLOG_HTTP, "Seek:
at end of read content");
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> else if (m_bKnowContentSize
&&
>> m_ulCurrentReadPosition == m_nContentSize)
>> {
>> HXLOGL2(HXLOG_HTTP, "Seek:
at end of content");
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> else
>> {
>> -1916,16 +1916,16
>> // signal the caller about the
end of content
>> if (m_ulCurrentReadPosition ==
m_nContentRead)
>> {
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> else
>> {
>>
HX_ASSERT(m_ulCurrentReadPosition >
>> m_nContentRead);
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_FAILED);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> }
>> else /* add it to the seek pending
queue...*/
>> -2683,9 +2683,9
>> // This prompts client to write Post
Data.
>> if (m_pFileResponse)
>> {
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> theErr =
m_pFileResponse->WriteDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> }
>> }
>> -2709,27 +2709,27
>> HXLOGL2(HXLOG_HTTP, "ProcessIdle
notices SeekDone");
>>
>> m_bSeekPending = FALSE;
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> else if (m_bReadContentsDone)
>> {
>> HXLOGL1(HXLOG_HTTP, "ProcessIdle
notices
>> SeekDone will fail");
>>
>> m_bSeekPending = FALSE;
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->SeekDone(HXR_FAILED);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> }
>>
>>
>> _DoSomeReadingFromSocket(TRUE);
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> HX_RESULT ReadErr = ProcessPendingReads();
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>>
>> if(!theErr)
>> {
>> -2829,27 +2829,27
>> if (m_bInitResponsePending &&
m_pFileResponse)
>> {
>> m_bInitResponsePending = FALSE;
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileResponse->InitDone(m_bPartialData ?
>> HXR_RESOURCE_PARTIALCOPY : HXR_OK);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>>
>> if (m_bFileExistsResponsePending
&&
>> m_pFileExistsResponse)
>> {
>> AddNoCacheHeader();
>> m_bFileExistsResponsePending =
FALSE;
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
m_pFileExistsResponse->DoesExistDone(TRUE);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>>
HX_RELEASE(m_pFileExistsResponse);
>> }
>>
>> if (m_bMimeResponsePending &&
m_pMimeMapperResponse)
>> {
>> m_bMimeResponsePending = FALSE;
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>>
>> m_pMimeMapperResponse->MimeTypeFound(HXR_OK,
pMimeType);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>>
>> // MimeTypeFound() may cause us
to close if
>> the Response object
>> // decides it doesn't like our
mimetype and
>> shuts us down.
>> -2922,9 +2922,9
>> // but we have pending reads. The
user
>> called too many reads, or the connection
>> // has died before all data was
sent.
>> HXLOGL1(HXLOG_HTTP,
"ProcessPendingReads
>> Read() failure due to insufficient content");
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> CallReadDone(HXR_FAIL , NULL);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> continue; //
CallReadDone(HXR_FAIL..) for
>> remaining reads in pending list
>> }
>> }
>> -2966,9 +2966,9
>> /* Remove from pending list */
>> m_PendingReadList.RemoveHead();
>>
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> CallReadDone(HXR_OK ,pBuffer);
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> else
>> {
>> -3783,9 +3783,9
>>
>> if (bHandleReadImmediately)
>> {
>> - m_pMutex->Unlock();
>> + HX_UNLOCK(m_pMutex);
>> ProcessPendingReads();
>> - m_pMutex->Lock();
>> + HX_LOCK(m_pMutex);
>> }
>> }
>> break;
>>
>>
>>
>> _______________________________________________
>> Filesystem-dev mailing list
>> Filesystem-devhelixcommunity.org
>> http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev
>
_______________________________________________
Filesystem-dev mailing list
Filesystem-devhelixcommunity.org
http://lists.helixcommunity.org/mailman/listinfo/
filesystem-dev
|
