VirtualBox

Changeset 11275 in vbox for trunk/src


Timestamp:
Aug 8, 2008 7:41:13 PM (16 years ago)
Author:
vboxsync
Message:

xpcom/PL_DHashTableEnumerate: Fixed access to freed memory in VBoxSVC during ipcDConnectService::OnClientStateChange() / ipcDConnectService::DeleteInstance(). The enumerator callback is probably violating some precondition, but we might be better off making PL_DHashTableEnumerate just deal with this instead.

File:
1 edited

  • trunk/src/libs/xpcom18a4/xpcom/ds/pldhash.c

    r1 r11275  
    607607    PLDHashEntryHdr *entry;
    608608    PLDHashOperator op;
    609 
     609#ifdef VBOX
     610    PRUint32 generation;
     611    char *entryStore;
     612
     613    generation = table->generation;
     614    entryStore = table->entryStore;
     615#endif
    610616    entryAddr = table->entryStore;
    611617    entrySize = table->entrySize;
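Review bot: `generation` is captured once at line 613, and the adjustment block at lines 636-643 refreshes `entryStore` but never `generation`, so after the first reallocation the `generation != table->generation` test stays true for every remaining live entry and the block reruns with a zero delta. Add `generation = table->generation;` next to `entryStore = table->entryStore;` at line 639. A one-line comment on the two new locals saying they snapshot the table state to detect a reallocation by the callback would also help, since line 616 reads the same field again straight after.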
     
    618624        if (ENTRY_IS_LIVE(entry)) {
    619625            op = etor(table, entry, i++, arg);
     626#ifdef VBOX
     627            /*
     628             * Adjust pointers if entryStore was reallocated as a result
     629             * of an add or remove performed by the enumerator. It is
     630             * probably not supposed to do this, but since it does we'll
     631             * simply deal with it.
     632             *
     633             * This happens during ipcDConnectService::OnClientStateChange()
     634             * / ipcDConnectService::DeleteInstance() now.
     635             */
     636            if (generation != table->generation)
     637            {
     638                entryAddr += table->entryStore - entryStore;
     639                entryStore = table->entryStore;
     640                entry = (PLDHashEntryHdr *)entryAddr;
     641                capacity = PL_DHASH_TABLE_SIZE(table);
     642                entryLimit = table->entryStore + capacity * entrySize;
     643            }
     644
     645#endif
    620646            if (op & PL_DHASH_REMOVE) {
    621647                METER(table->stats.removeEnums++);
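Review bot: line 638 carries the old byte offset over into the new `entryStore`, which only lands on the entry the callback saw if the reallocation left every entry in its old slot. Line 641 recomputes `capacity`, so the table size can change here, and `entry` at line 640 may then be a different entry, or after a shrink lie past the new `entryLimit`, by the time the `op & PL_DHASH_REMOVE` branch at line 646 acts on it. Check `entryAddr < entryLimit` and `ENTRY_IS_LIVE(entry)` again before using it, or end the enumeration once the generation has changed. Separately, `table->entryStore - entryStore` does arithmetic on a pointer into the freed store; saving `entryAddr - entryStore` as an offset before the `etor` call and re-applying it to `table->entryStore` afterwards avoids that.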