[Magick-bugs] Race condition in typical usage of DestroySemaphoreInfo
emagick at magic.ms
emagick at magic.ms
Fri May 30 07:30:44 PDT 2008
Here's a typical usage of DestroySemaphoreInfo (as of ImageMagick
6.4.1-3):
wand_semaphore=DestroySemaphoreInfo(wand_semaphore);
Unfortunately, there is a time window during which the variable
wand_semaphore is still non-NULL but the object pointed to no
longer exists causing problems if another thread happens to call
AcquireSemaphoreInfo.
I think a level of indirection to DestroySemaphoreInfo's
parameter should be added (instead of returning a pointer) and
NULL should be stored to the object pointed to by that parameter
while semaphore_mutex is still held.
I have seen crashes due to that problem. Just run
for (;;)
{
MagickWand *wand = NewMagickWand ();
DestroyMagickWand (wand);
}
in two threads (without having other MagickWand objects allocated).
Fixing DestroySemaphoreInfo as described above isn't enough for making
this code work, I also had to extend the critical section over the
AcquireWandId function (avoiding the double check pattern).
More information about the Magick-bugs
mailing list