Google Git
Sign in
go / exp / 1eff713ba9c2d8361ebc3ce80c537babb5405fee
commit1eff713ba9c2d8361ebc3ce80c537babb5405fee[log] [tgz]
authorNigel Tao <nigeltao@golang.org>Tue Sep 22 17:37:25 2015 +1000
committerNigel Tao <nigeltao@golang.org>Wed Sep 23 00:33:19 2015 +0000
tree95c3c6177f7c29938e036771f610937e5d33cae0
parenta29910ee26b0c83585af9325181ffda6f193aabd [diff]
shiny/driver/x11driver: fix a buffer TOCTTOU race.

Previously, bufferImpl's swizzling and clean-up were done outside of
holding the b.mu lock. One goroutine could call b.postUpload and another
call b.Release, and race so that the first goroutine would check
b.released (and see false), release the b.mu lock, and call swizzle.RGBA
(as b.released was false at the time of check). Concurrently, the second
goroutine would now acquire b.mu, set b.released to true, release b.mu,
and then call b.cleanUp. The swizzle and the clean-up don't play well
together.

The fix is hold the mutex for the entirety of the Release, preUpload and
postUpload methods.

Change-Id: Ic40a918cad48a1f2159da7b3410a77faf68cef06
Reviewed-on: https://go-review.googlesource.com/14819
Reviewed-by: David Crawshaw <crawshaw@golang.org>
1 file changed
tree: 95c3c6177f7c29938e036771f610937e5d33cae0
  1. ebnf/
  2. ebnflint/
  3. fsnotify/
  4. inotify/
  5. mmap/
  6. old/
  7. shiny/
  8. utf8string/
  9. winfsnotify/
  10. .gitattributes
  11. .gitignore
  12. AUTHORS
  13. codereview.cfg
  14. CONTRIBUTING.md
  15. CONTRIBUTORS
  16. LICENSE
  17. PATENTS
  18. README