Handle race condition and mutex issues.

NSStopConsumer() results in crash at NSDestroyQueue().
As per the crash log, after consumer message handler thread (NSConsumerMsgHandleThreadFunc) comes to an end,
there seems to be a race condition between the thread which called NSStopConsumer() and another thread which calls NSConsumerMsgPushThreadFunc().
Both threads try to access the message queue. One enqueues and another dequeues which could result in undefined behaviour.
Handled it by checking the running status of message handler thread before enqueuing request.

Another issue in with improper access of "g_create_mutex" in NSThread.c.
There is a chance that NSThreadInit could initialize the same mutex multiple times.
And NSDestroyThreadHandle unlocks the mutex without locking it. (NSThreadInit & NSDestroyThreadHandle are called
from several threads and the way they access the mutex could result in undefined behavior).
As the usage and the main intention of the mutex is not clear, removed it.

https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/pull/554/commits/93e66a00acc08ce0c7a3fb217bfb2cc92f2a6c15
(cherry-picked from 93e66a00acc08ce0c7a3fb217bfb2cc92f2a6c15)

Change-Id: Iaa11c9b9b0088d4626cc92f85bbb55fb69f417af
Signed-off-by: Senthil Kumar G S <senthil.gs@samsung.com>
Signed-off-by: Sudipto <sudipto.bal@samsung.com>

diff --git a/service/notification/src/consumer/NSConsumerScheduler.c b/service/notification/src/consumer/NSConsumerScheduler.c
index 2e13b59..a414b37 100644 (file)
--- a/service/notification/src/consumer/NSConsumerScheduler.c
+++ b/service/notification/src/consumer/NSConsumerScheduler.c
@@ -207,7 +207,15 @@ void * NSConsumerMsgPushThreadFunc(void * data)
     }
     else
     {
-        NSPushConsumerQueue(queue, obj);
+        if (msgHandleThread != NULL && msgHandleThread->isStarted)
+        {
+            NSPushConsumerQueue(queue, obj);
+        }
+        else
+        {
+            NSOICFree(data);
+            NSOICFree(obj);
+        }
     }
 
     NSThreadUnlock(msgHandleThread);

diff --git a/service/notification/src/consumer/NSThread.c b/service/notification/src/consumer/NSThread.c
index 36655d8..4c1ec93 100644 (file)
--- a/service/notification/src/consumer/NSThread.c
+++ b/service/notification/src/consumer/NSThread.c
@@ -26,14 +26,10 @@
 #include <memory.h>
 #include "oic_malloc.h"
 
-static pthread_mutex_t g_create_mutex;
-
 NSConsumerThread * NSThreadInit(NSThreadFunc func, void * data)
 {
     NS_VERIFY_NOT_NULL(func, NULL);
 
-    pthread_mutex_init(&g_create_mutex, NULL);
-
     NSConsumerThread * handle = (NSConsumerThread *)OICMalloc(sizeof(NSConsumerThread));
     NS_VERIFY_NOT_NULL(handle, NULL);
 
@@ -49,8 +45,6 @@ NSConsumerThread * NSThreadInit(NSThreadFunc func, void * data)
     NS_VERIFY_NOT_NULL_WITH_POST_CLEANING(pthreadResult == 0 ? (void *)1 : NULL,
             NULL, NSDestroyThreadHandle(handle));
 
-    pthread_mutex_lock(&g_create_mutex);
-
     handle->isStarted = true;
 
     pthread_attr_t attrDetached = {};
@@ -64,8 +58,6 @@ NSConsumerThread * NSThreadInit(NSThreadFunc func, void * data)
 
     pthread_attr_destroy(& attrDetached);
 
-    pthread_mutex_unlock(&g_create_mutex);
-
     return handle;
 }
 
@@ -111,8 +103,6 @@ void NSDestroyThreadHandle(NSConsumerThread * handle)
 
     pthread_mutex_destroy(&(handle->mutex));
     pthread_mutexattr_destroy(&(handle->mutex_attr));
-
-    pthread_mutex_unlock(&g_create_mutex);
 }
 
 void NSThreadDetach()