-
Alex Ilin authored
ashmem_get_funcs() returns a pointer to a static local variable s_ashmem_funcs that is initialized in a non thread-safe way. It is possible that one thread starts the initialization of s_ashmem_funcs and sets s_ashmem_funcs->create. s_ashmem_funcs->setProt is not initialized yet. Then another thread calls ashmem_get_funcs() and since s_ashmem_funcs->create != NULL, ashmem_get_funcs() returns a pointer to a partially initialized struct. An attempt to call s_ashmem_funcs->setProt fails on the null pointer. This CL fixes the data race by using pthread_once(). pthread_once() guarantees that the initialization function will be called exactly once ans that on return from pthread_once() the initialization has completed. Bug: 985870 Change-Id: I182c3edd43eb2cb58ec9e70d8e03f82742004138 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1769452Reviewed-by:
Richard Coles <torne@chromium.org> Reviewed-by:
Scott Violet <sky@chromium.org> Commit-Queue: Alex Ilin <alexilin@chromium.org> Cr-Commit-Position: refs/heads/master@{#690873}
9aea3a28
