[Cbe-oss-dev] [PATCH 1/2] libspe: fix spe_get_event initialization

Kazunori Asayama asayama at sm.sony.co.jp
Tue Mar 28 23:27:10 EST 2006


This patch fixes the following problem in libspe v1.0.1.

* spe_get_event() may return an uninitialized array of
  `struct spu_event' when:

   - size of the array is greater than 1,
   - some events are available when the function is called.

A program to reproduce this problem is also attached.
-- 
(ASAYAMA Kazunori
  (asayama at sm.sony.co.jp))
t

--
diff -urp libspe-1.0.1.orig/spe.c libspe-1.0.1-a/spe.c
--- libspe-1.0.1.orig/spe.c	2006-03-27 20:23:32.000000000 +0900
+++ libspe-1.0.1-a/spe.c	2006-03-28 12:28:47.000000000 +0900
@@ -1178,8 +1178,7 @@ spe_get_event(struct spe_event *pevents,
 				thread->ev_data = 0;
 				thread->event = 0;

-				pthread_mutex_unlock(&grp_list.mutex);
-				return ret_events;
+				break;
 			}
 			
 			//Decide on what fd's to poll on
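Review bot: The `break;` that replaces the unlock-and-return here leaves the loop with `grp_list.mutex` still held, so this path now relies on the `if (ret_events > 0)` block further down to release it. That block's body lies between the hunks and is not visible, so it should be confirmed that it calls `pthread_mutex_unlock(&grp_list.mutex);` before `return ret_events;`, otherwise the next caller blocks on the lock. `break` also leaves only the innermost loop, and the two closing braces at the top of the next hunk suggest an enclosing block that may itself be a loop; if it is, scanning continues after the first hit and `ret_events` can grow past one. A comment such as `/* event recorded: stop scanning this list; unlock and return happen after the loops */` would make the new control flow explicit. The loop and spe_get_event itself begin and end outside the hunk.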
@@ -1201,13 +1200,6 @@ spe_get_event(struct spe_event *pevents,
 			elem=elem->next;
 		}
 	}
-	
-	if(numSPEsToPoll == 0)
-	{
-		pthread_mutex_unlock(&grp_list.mutex);
-		errno=EINVAL;
-		return -1;
-	}

 	if (ret_events > 0)
 	{
@@ -1220,6 +1212,13 @@ spe_get_event(struct spe_event *pevents,
 		return ret_events;
 	}
 	
+	if(numSPEsToPoll == 0)
+	{
+		pthread_mutex_unlock(&grp_list.mutex);
+		errno=EINVAL;
+		return -1;
+	}
+	
 	DEBUG_PRINTF("  number of fd : %i\n", numSPEsToPoll);

 	SPEfds=malloc (numSPEsToPoll * sizeof(struct pollfd));
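Review bot: The relocated `numSPEsToPoll == 0` guard carries no comment explaining why it must sit after the `ret_events > 0` return and before the allocation, yet that ordering is what the fix depends on. Something like `/* no event pending and no fd to wait on: fail here rather than allocate an empty pollfd set */` above the `if` would keep a later cleanup from moving it back. The guard rejects only zero; whether `numSPEsToPoll` is otherwise bounded before `malloc (numSPEsToPoll * sizeof(struct pollfd))`, and whether the result of that `malloc` is checked, is decided outside the hunk and is worth confirming in the same pass.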
-------------- next part --------------
A non-text attachment was scrubbed...
Name: init.tar
Type: application/octet-stream
Size: 10240 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/cbe-oss-dev/attachments/20060328/f594ec1a/attachment.obj>

