Opened 18 years ago

Closed 18 years ago

#286 closed Bugs (Invalid)

intrusive_ptr may cause dangling ptr access

Reported by: nobody Owned by: Peter Dimov
Milestone: Component: smart_ptr
Version: None Severity:
Keywords: Cc:

Description

I think intrusive_ptr may cause dangling ptr access in a multithreaded environment.

Currently, its constructor is:

    intrusive_ptr(T * p, bool add_ref = true)
    : p_(p)  /* the object may be deleted by another thread because
                this thread has not incremented the reference counter yet. */
    {
        if(p_ != 0 && add_ref)
            intrusive_ptr_add_ref(p_); /* this may cause a dangling ptr operation. */
    }

We can avoid this problem with an "addref-before-use" policy.

    intrusive_ptr(T * p, bool add_ref = true)
    {
        if(p != 0 && add_ref)
            intrusive_ptr_add_ref(p); /* other threads never delete the object */
        p_ = p;
    }

Change History (2)

comment:1 by Peter Dimov, 18 years ago

All functions have an implicit assumption that the validity
of their arguments does not change during the function
execution, unless explicitly stated otherwise.

In the intrusive_ptr example, there is no way to protect
against p being invalidated. Your corrected code will fail
in exactly the same way if p is invalidated by another thread.

comment:2 by Peter Dimov, 18 years ago

Status: assigned → closed
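The argument in comment:1 can be checked with a single-threaded model of one interleaving. This is an added example, not part of the ticket and not Boost code: `Obj`, `construct`, `scenario` and `stale_accesses` are hypothetical names, and "freeing" is modelled as a flag so that a touch after release can be counted safely.

```cpp
#include <cstdio>
#include <functional>

// Constructed stand-in for a ref-counted object. "Freeing" only sets a flag,
// so a touch after release can be counted without real undefined behaviour.
struct Obj { int refs = 0; bool freed = false; };
int stale_accesses = 0;  // add_ref/release calls that touched a freed Obj

void intrusive_ptr_add_ref(Obj* p) {
    if (p->freed) ++stale_accesses;
    ++p->refs;
}
void intrusive_ptr_release(Obj* p) {
    if (p->freed) { ++stale_accesses; return; }
    if (--p->refs == 0) p->freed = true;  // stands in for `delete p`
}

enum Order { AssignFirst, AddRefFirst };

// Models both constructor bodies from the ticket. `preempt` runs at a point
// where another thread may be scheduled: inside the call, before add_ref.
Obj* construct(Obj* p, Order o, const std::function<void()>& preempt) {
    Obj* p_ = nullptr;
    if (o == AssignFirst) p_ = p;          // current constructor: p_(p) first
    preempt();
    if (p != nullptr) intrusive_ptr_add_ref(p);
    if (o == AddRefFirst) p_ = p;          // proposed constructor: assign last
    return p_;
}

// One interleaving: the other thread drops its reference during the call.
// Returns how many times a freed object was touched.
int scenario(Order o, bool caller_holds_ref) {
    stale_accesses = 0;
    Obj obj;
    intrusive_ptr_add_ref(&obj);                        // other thread's reference
    if (caller_holds_ref) intrusive_ptr_add_ref(&obj);  // caller's own reference
    construct(&obj, o, [&obj] { intrusive_ptr_release(&obj); });
    return stale_accesses;
}

int main() {
    std::printf("no caller ref:  current=%d proposed=%d\n",
                scenario(AssignFirst, false), scenario(AddRefFirst, false));
    std::printf("caller has ref: current=%d proposed=%d\n",
                scenario(AssignFirst, true), scenario(AddRefFirst, true));
}
```

Both orderings touch the freed object when the caller passes a raw pointer it holds no reference to, and neither does when the caller keeps its own reference across the call.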