fpc_AnsiStr_Assign might have issues with thread safety.
Original Reporter info from Mantis: runewalsh
- Reporter name:
Description:
If this bug is a thing at all, it will happen under very tight timing conditions, so probably no one will be able to reproduce it. But please listen.
Among other things, fpc_AnsiStr_Assign(var destS: pointer; S2: pointer) does the following (in that order):
fpc_ansistr_decr_ref(DestS); { old string released; DestS still points at it }
DestS := S2;                 { only now does DestS point at the new string }
So AFTER the reference count was decremented but BEFORE the S2 value is assigned, another thread will see a dangling pointer.
Here's the supposed fix:
var old: pointer;
old := InterlockedExchange(DestS, S2); { swap first: DestS never exposes the old pointer after its release }
fpc_ansistr_decr_ref(old);             { release the old string only after it is unreachable via DestS }
Or, instead of fpc_ansistr_decr_ref, it would be better to have a specialized version of it that doesn't treat 'old' as a var parameter, so there is no writing it to the stack, reading it back, and writing 'nil' again.
Mantis conversion info:
- Mantis ID: 39017
- Build: trunk@49516
- Fixed in version: 3.3.1
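The two orderings discussed in the report, modelled in C with C11 atomics as an added example (not FPC RTL code; the RcStr struct, the 'freed' flag standing in for FreeMem, and the reader call placed at the race window are constructed for illustration):

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

/* Constructed model of a refcounted string header (not FPC's real
   AnsiString layout). A 'freed' flag replaces free() so a stale access
   can be detected without undefined behaviour. */
typedef struct {
    atomic_long refcount;
    atomic_bool freed;
} RcStr;

static RcStr *rcstr_new(void) {
    RcStr *p = calloc(1, sizeof *p);
    atomic_init(&p->refcount, 1);
    return p;
}

static void rcstr_decr_ref(RcStr *p) {
    if (p && atomic_fetch_sub(&p->refcount, 1) == 1)
        atomic_store(&p->freed, true);      /* stands in for FreeMem */
}

/* A concurrent reader copying dest: load the pointer, bump the count.
   Returns false if it grabbed a buffer that was already released. */
static bool reader_copy(RcStr *_Atomic *dest) {
    RcStr *p = atomic_load(dest);
    if (!p || atomic_load(&p->freed)) return false;   /* dangling pointer */
    atomic_fetch_add(&p->refcount, 1);
    return true;
}

/* Order the report describes: release, then store. The reader runs at
   the point between the two steps, i.e. the interleaving in the report. */
static bool assign_release_then_store(RcStr *_Atomic *dest, RcStr *src) {
    rcstr_decr_ref(atomic_load(dest));
    bool reader_ok = reader_copy(dest);    /* sees the old, dead buffer */
    atomic_store(dest, src);
    return reader_ok;
}

/* Proposed order: swap first (InterlockedExchange), then release the
   old value, which is no longer reachable through dest. */
static bool assign_exchange_then_release(RcStr *_Atomic *dest, RcStr *src) {
    RcStr *old = atomic_exchange(dest, src);
    bool reader_ok = reader_copy(dest);    /* sees src, which is live */
    rcstr_decr_ref(old);
    return reader_ok;
}
```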