Handle race condition and mutex issues.

NSStopConsumer() results in crash at NSDestroyQueue().
As per the crash log, after consumer message handler thread (NSConsumerMsgHandleThreadFunc) comes to an end,
there seems to be a race condition between the thread which called NSStopConsumer() and another thread which calls NSConsumerMsgPushThreadFunc().
Both threads try to access the message queue. One enqueues and another dequeues which could result in undefined behaviour.
Handled it by checking the running status of message handler thread before enqueuing request.

Another issue in with improper access of "g_create_mutex" in NSThread.c.
There is a chance that NSThreadInit could initialize the same mutex multiple times.
And NSDestroyThreadHandle unlocks the mutex without locking it. (NSThreadInit & NSDestroyThreadHandle are called
from several threads and the way they access the mutex could result in undefined behavior).
As the usage and the main intention of the mutex is not clear, removed it.

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/554/commits/93e66a00acc08ce0c7a3fb217bfb2cc92f2a6c15
(cherry-picked from 93e66a00acc08ce0c7a3fb217bfb2cc92f2a6c15)

Change-Id: Iaa11c9b9b0088d4626cc92f85bbb55fb69f417af
Signed-off-by: Senthil Kumar G S <senthil.gs@samsung.com>
Signed-off-by: Sudipto <sudipto.bal@samsung.com>

diff --git a/service/notification/src/consumer/NSConsumerScheduler.c b/service/notification/src/consumer/NSConsumerScheduler.c
index 2e13b5940f482a348c48ce5c91c03c864cfaaa72..a414b374c4c0fdce7c8539aeab23bf7cc71bdeb4 100644 (file)
--- a/service/notification/src/consumer/NSConsumerScheduler.c
+++ b/service/notification/src/consumer/NSConsumerScheduler.c
@@ -207,7 +207,15 @@ void * NSConsumerMsgPushThreadFunc(void * data)
     }
     else
     {
-        NSPushConsumerQueue(queue, obj);
+        if (msgHandleThread != NULL && msgHandleThread->isStarted)
+        {
+            NSPushConsumerQueue(queue, obj);
+        }
+        else
+        {
+            NSOICFree(data);
+            NSOICFree(obj);
+        }
     }
 
     NSThreadUnlock(msgHandleThread);

diff --git a/service/notification/src/consumer/NSThread.c b/service/notification/src/consumer/NSThread.c
index 36655d852d23983bc125a77e83667b972980d138..4c1ec934a0044c717ceeecc06cbe142dc9443b65 100644 (file)
--- a/service/notification/src/consumer/NSThread.c
+++ b/service/notification/src/consumer/NSThread.c
@@ -26,14 +26,10 @@
 #include <memory.h>
 #include "oic_malloc.h"
 
-static pthread_mutex_t g_create_mutex;
-
 NSConsumerThread * NSThreadInit(NSThreadFunc func, void * data)
 {
     NS_VERIFY_NOT_NULL(func, NULL);
 
-    pthread_mutex_init(&g_create_mutex, NULL);
-
     NSConsumerThread * handle = (NSConsumerThread *)OICMalloc(sizeof(NSConsumerThread));
     NS_VERIFY_NOT_NULL(handle, NULL);
 
@@ -49,8 +45,6 @@ NSConsumerThread * NSThreadInit(NSThreadFunc func, void * data)
     NS_VERIFY_NOT_NULL_WITH_POST_CLEANING(pthreadResult == 0 ? (void *)1 : NULL,
             NULL, NSDestroyThreadHandle(handle));
 
-    pthread_mutex_lock(&g_create_mutex);
-
     handle->isStarted = true;
 
     pthread_attr_t attrDetached = {};
@@ -64,8 +58,6 @@ NSConsumerThread * NSThreadInit(NSThreadFunc func, void * data)
 
     pthread_attr_destroy(& attrDetached);
 
-    pthread_mutex_unlock(&g_create_mutex);
-
     return handle;
 }
 
@@ -111,8 +103,6 @@ void NSDestroyThreadHandle(NSConsumerThread * handle)
 
     pthread_mutex_destroy(&(handle->mutex));
     pthread_mutexattr_destroy(&(handle->mutex_attr));
-
-    pthread_mutex_unlock(&g_create_mutex);
 }
 
 void NSThreadDetach()