summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
4b39d46)
Summary:
`SharedMutexImpl::lockSharedImpl` has a potentially uninitialized access:
Assume state = 0
canAlreadyDefer = (state & kMayDefer) != 0 ==> false
aboveDeferThreshold = (state & kHasS) >= (kNumSharedToStartDeferring - 1) * kIncrHasS ==> false
if (canAlreadyDefer || (aboveDeferThreshold && !drainInProgress)) ==> false
line:1452: gotSlot(slot)->compare_exchange_strong(...) uses slot uninitialized
Reviewed By: Orvid
Differential Revision:
D3933638
fbshipit-source-id:
0fbce5c00b8b1f34e50c302cb88def97853c5afe
+ uint32_t slot = tls_lastDeferredReaderSlot;
uintptr_t slotValue = 1; // any non-zero value will do
bool canAlreadyDefer = (state & kMayDefer) != 0;
uintptr_t slotValue = 1; // any non-zero value will do
bool canAlreadyDefer = (state & kMayDefer) != 0;
bool drainInProgress = ReaderPriority && (state & kBegunE) != 0;
if (canAlreadyDefer || (aboveDeferThreshold && !drainInProgress)) {
/* Try using the most recent slot first. */
bool drainInProgress = ReaderPriority && (state & kBegunE) != 0;
if (canAlreadyDefer || (aboveDeferThreshold && !drainInProgress)) {
/* Try using the most recent slot first. */
- slot = tls_lastDeferredReaderSlot;
slotValue = deferredReader(slot)->load(std::memory_order_relaxed);
if (slotValue != 0) {
// starting point for our empty-slot search, can change after
slotValue = deferredReader(slot)->load(std::memory_order_relaxed);
if (slotValue != 0) {
// starting point for our empty-slot search, can change after