Boost C++ Libraries: Ticket #286: intrusive_ptr may cause dungling ptr access https://svn.boost.org/trac10/ticket/286 <pre class="wiki">I think intrusive_ptr may cause dungling ptr access in multithreaded environment. Currently, it's constructor is: intrusive_ptr(T * p, bool add_ref = true) : p_(p) /* the object may be deleted by other thread because this thread does not increment reference counter yet. */ { if(p_ != 0 &amp;&amp; add_ref) intrusive_ptr_add_ref(p_); /* this may occur dungling ptr operation. */ } We can avoid this problem by "addref-before-use" policy. intrusive_ptr(T * p, bool add_ref = true) { if(p != 0 &amp;&amp; add_ref) intrusive_ptr_add_ref(p_); /* other thread never delete the object */ p_ = p; } </pre> en-us Boost C++ Libraries /htdocs/site/boost.png https://svn.boost.org/trac10/ticket/286 Trac 1.4.3 Peter Dimov Mon, 12 Jul 2004 11:21:29 GMT <link>https://svn.boost.org/trac10/ticket/286#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/286#comment:1</guid> <description> <pre class="wiki">Logged In: YES user_id=305912 All functions have an implicit assumption that the validity of their arguments does not change during the function execution, unless explicitly stated otherwise. In the intrusive_ptr example, there is no way to protect against p being invalidated. Your corrected code will fail in exactly the same way if p is invalidated by another thread. </pre> </description> <category>Ticket</category> </item> <item> <dc:creator>Peter Dimov</dc:creator> <pubDate>Mon, 12 Jul 2004 11:21:30 GMT</pubDate> <title>status changed https://svn.boost.org/trac10/ticket/286#comment:2 https://svn.boost.org/trac10/ticket/286#comment:2 <ul> <li><strong>status</strong> <span class="trac-field-old">assigned</span> → <span class="trac-field-new">closed</span> </li> </ul> Ticket