Handle invalid buffer pointers when count is zero.
[glibc/history.git] / nptl / pthread_cond_wait.c
blob670fba573660b11c9d09e68d15960962674912d3
1 /* Copyright (C) 2003, 2004, 2006, 2007 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Martin Schwidefsky <schwidefsky@de.ibm.com>, 2003.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18 02111-1307 USA. */
20 #include <endian.h>
21 #include <errno.h>
22 #include <sysdep.h>
23 #include <lowlevellock.h>
24 #include <pthread.h>
25 #include <pthreadP.h>
27 #include <shlib-compat.h>
30 struct _condvar_cleanup_buffer
32 int oldtype;
33 pthread_cond_t *cond;
34 pthread_mutex_t *mutex;
35 unsigned int bc_seq;
39 void
40 __attribute__ ((visibility ("hidden")))
41 __condvar_cleanup (void *arg)
43 struct _condvar_cleanup_buffer *cbuffer =
44 (struct _condvar_cleanup_buffer *) arg;
45 unsigned int destroying;
46 int pshared = (cbuffer->cond->__data.__mutex == (void *) ~0l)
47 ? LLL_SHARED : LLL_PRIVATE;
49 /* We are going to modify shared data. */
50 lll_lock (cbuffer->cond->__data.__lock, pshared);
52 if (cbuffer->bc_seq == cbuffer->cond->__data.__broadcast_seq)
54 /* This thread is not waiting anymore. Adjust the sequence counters
55 appropriately. We do not increment WAKEUP_SEQ if this would
56 bump it over the value of TOTAL_SEQ. This can happen if a thread
57 was woken and then canceled. */
58 if (cbuffer->cond->__data.__wakeup_seq
59 < cbuffer->cond->__data.__total_seq)
61 ++cbuffer->cond->__data.__wakeup_seq;
62 ++cbuffer->cond->__data.__futex;
64 ++cbuffer->cond->__data.__woken_seq;
67 cbuffer->cond->__data.__nwaiters -= 1 << COND_NWAITERS_SHIFT;
69 /* If pthread_cond_destroy was called on this variable already,
70 notify the pthread_cond_destroy caller all waiters have left
71 and it can be successfully destroyed. */
72 destroying = 0;
73 if (cbuffer->cond->__data.__total_seq == -1ULL
74 && cbuffer->cond->__data.__nwaiters < (1 << COND_NWAITERS_SHIFT))
76 lll_futex_wake (&cbuffer->cond->__data.__nwaiters, 1, pshared);
77 destroying = 1;
80 /* We are done. */
81 lll_unlock (cbuffer->cond->__data.__lock, pshared);
83 /* Wake everybody to make sure no condvar signal gets lost. */
84 if (! destroying)
85 lll_futex_wake (&cbuffer->cond->__data.__futex, INT_MAX, pshared);
87 /* Get the mutex before returning unless asynchronous cancellation
88 is in effect. */
89 __pthread_mutex_cond_lock (cbuffer->mutex);
93 int
94 __pthread_cond_wait (cond, mutex)
95 pthread_cond_t *cond;
96 pthread_mutex_t *mutex;
98 struct _pthread_cleanup_buffer buffer;
99 struct _condvar_cleanup_buffer cbuffer;
100 int err;
101 int pshared = (cond->__data.__mutex == (void *) ~0l)
102 ? LLL_SHARED : LLL_PRIVATE;
104 /* Make sure we are along. */
105 lll_lock (cond->__data.__lock, pshared);
107 /* Now we can release the mutex. */
108 err = __pthread_mutex_unlock_usercnt (mutex, 0);
109 if (__builtin_expect (err, 0))
111 lll_unlock (cond->__data.__lock, pshared);
112 return err;
115 /* We have one new user of the condvar. */
116 ++cond->__data.__total_seq;
117 ++cond->__data.__futex;
118 cond->__data.__nwaiters += 1 << COND_NWAITERS_SHIFT;
120 /* Remember the mutex we are using here. If there is already a
121 different address store this is a bad user bug. Do not store
122 anything for pshared condvars. */
123 if (cond->__data.__mutex != (void *) ~0l)
124 cond->__data.__mutex = mutex;
126 /* Prepare structure passed to cancellation handler. */
127 cbuffer.cond = cond;
128 cbuffer.mutex = mutex;
130 /* Before we block we enable cancellation. Therefore we have to
131 install a cancellation handler. */
132 __pthread_cleanup_push (&buffer, __condvar_cleanup, &cbuffer);
134 /* The current values of the wakeup counter. The "woken" counter
135 must exceed this value. */
136 unsigned long long int val;
137 unsigned long long int seq;
138 val = seq = cond->__data.__wakeup_seq;
139 /* Remember the broadcast counter. */
140 cbuffer.bc_seq = cond->__data.__broadcast_seq;
144 unsigned int futex_val = cond->__data.__futex;
146 /* Prepare to wait. Release the condvar futex. */
147 lll_unlock (cond->__data.__lock, pshared);
149 /* Enable asynchronous cancellation. Required by the standard. */
150 cbuffer.oldtype = __pthread_enable_asynccancel ();
152 /* Wait until woken by signal or broadcast. */
153 lll_futex_wait (&cond->__data.__futex, futex_val, pshared);
155 /* Disable asynchronous cancellation. */
156 __pthread_disable_asynccancel (cbuffer.oldtype);
158 /* We are going to look at shared data again, so get the lock. */
159 lll_lock (cond->__data.__lock, pshared);
161 /* If a broadcast happened, we are done. */
162 if (cbuffer.bc_seq != cond->__data.__broadcast_seq)
163 goto bc_out;
165 /* Check whether we are eligible for wakeup. */
166 val = cond->__data.__wakeup_seq;
168 while (val == seq || cond->__data.__woken_seq == val);
170 /* Another thread woken up. */
171 ++cond->__data.__woken_seq;
173 bc_out:
175 cond->__data.__nwaiters -= 1 << COND_NWAITERS_SHIFT;
177 /* If pthread_cond_destroy was called on this varaible already,
178 notify the pthread_cond_destroy caller all waiters have left
179 and it can be successfully destroyed. */
180 if (cond->__data.__total_seq == -1ULL
181 && cond->__data.__nwaiters < (1 << COND_NWAITERS_SHIFT))
182 lll_futex_wake (&cond->__data.__nwaiters, 1, pshared);
184 /* We are done with the condvar. */
185 lll_unlock (cond->__data.__lock, pshared);
187 /* The cancellation handling is back to normal, remove the handler. */
188 __pthread_cleanup_pop (&buffer, 0);
190 /* Get the mutex before returning. */
191 return __pthread_mutex_cond_lock (mutex);
194 versioned_symbol (libpthread, __pthread_cond_wait, pthread_cond_wait,
195 GLIBC_2_3_2);