tuxtxt: fix race condition in tuxtxt_clear_cache()

tuxtxt_cache_lock does not prevent from calling tuxtxt_clear_cache while the cache thread is in the middle of inserting pages, thus leading to a hard-to-reproduce crash when trying to start up tuxtxt. The simplest fix is to use an additional "big hammer" lock arond the whole critical area. Since tuxtxt_clear_cache is only called very seldom, there should be no lock contention problem.
2025-08-29 16:31:11 +02:00 · 2012-07-15 13:19:44 +02:00
parent 56b6f274c9
commit 9af56e1852
1 changed files with 15 additions and 1 deletions
--- a/lib/libtuxtxt/tuxtxt_common.h
+++ b/lib/libtuxtxt/tuxtxt_common.h
@@ -1,4 +1,6 @@
-
+/* tuxtxt_common.h
+ * for license info see the other tuxtxt files
+ */
 #include <sys/ioctl.h>
 #include <fcntl.h>
 #include <pthread.h>
@@ -15,6 +17,7 @@

 tuxtxt_cache_struct tuxtxt_cache;
 static pthread_mutex_t tuxtxt_cache_lock = PTHREAD_MUTEX_INITIALIZER;
+static pthread_mutex_t tuxtxt_cache_biglock = PTHREAD_MUTEX_INITIALIZER;
 int tuxtxt_get_zipsize(int p,int sp)
 {
    tstCachedPage* pg = tuxtxt_cache.astCachetable[p][sp];
@@ -350,6 +353,7 @@ int tuxtxt_GetSubPage(int page, int subpage, int offset)

 void tuxtxt_clear_cache(void)
 {
+	pthread_mutex_lock(&tuxtxt_cache_biglock);
 	pthread_mutex_lock(&tuxtxt_cache_lock);
 	int clear_page, clear_subpage, d26;
 	tuxtxt_cache.maxadippg  = -1;
@@ -413,6 +417,7 @@ void tuxtxt_clear_cache(void)
 	printf("TuxTxt cache cleared\n");
 #endif
 	pthread_mutex_unlock(&tuxtxt_cache_lock);
+	pthread_mutex_unlock(&tuxtxt_cache_biglock);
 }
 /******************************************************************************
 * init_demuxer                                                               *
@@ -540,6 +545,7 @@ void tuxtxt_allocate_cache(int magazine)
 	// Lock here as we have a possible race here with
 	// tuxtxt_clear_cache(). We should not be allocating and
 	// freeing at the same time.
+	// *** this is probably worked around by tuxtxt_cacehe_biglock now *** --seife
 	pthread_mutex_lock(&tuxtxt_cache_lock);

 	/* check cachetable and allocate memory if needed */
@@ -612,6 +618,13 @@ void *tuxtxt_CacheThread(void * /*arg*/)
 			continue;
 		}

+		/* this "big hammer lock" is a hack: it avoids a crash if
+		 * tuxtxt_clear_cache() is called while the cache thread is in the
+		 * middle of the following loop, leading to tuxtxt_cache.current_page[]
+		 * etc. being set to -1 and tuxtxt_cache.astCachetable[] etc. being set
+		 * to NULL
+		 * it probably also avoids the possible race in tuxtxt_allocate_cache() */
+		pthread_mutex_lock(&tuxtxt_cache_biglock);
 		/* analyze it */
 		for (line = 0; line < readcnt/0x2e /*4*/; line++)
 		{
@@ -1053,6 +1066,7 @@ void *tuxtxt_CacheThread(void * /*arg*/)
 				printf("line %d row %X %X, continue\n", line, vtx_rowbyte[0], vtx_rowbyte[1]);
 #endif
 		}
+		pthread_mutex_unlock(&tuxtxt_cache_biglock);
 	}

 	pthread_exit(NULL);