g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.
As result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock are possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Dec 20 20:31:48 CET 2017 on sn-devel-144
+++ /dev/null
-^samba3.smbtorture_s3.LOCAL-G-LOCK6.smbtorture
}
}
- for (i=0; i<lck.num_recs; i++) {
+ i = 0;
+
+ while (i < lck.num_recs) {
struct g_lock_rec lock;
g_lock_get_rec(&lck, i, &lock);
*/
g_lock_rec_del(&lck, i);
modified = true;
+ continue;
}
+ i++;
}
modified = true;