From e19e1a853272462428bf80ea4f1e2a358b4c747a Mon Sep 17 00:00:00 2001 From: Ville Juven Date: Tue, 17 Dec 2024 16:03:13 +0200 Subject: [PATCH] nxsem_destroyholder: Use critical section when destroying holder(s) Otherwise the free holder list will leak, causing either a crash due to holder->htcb = NULL, or the free holder list becomes (erroneously) empty even though most of the holder entries are free. --- sched/semaphore/sem_holder.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sched/semaphore/sem_holder.c b/sched/semaphore/sem_holder.c index 8e51d6cf31..ac7305600e 100644 --- a/sched/semaphore/sem_holder.c +++ b/sched/semaphore/sem_holder.c @@ -558,6 +558,8 @@ void nxsem_initialize_holders(void) void nxsem_destroyholder(FAR sem_t *sem) { + irqstate_t flags = enter_critical_section(); + /* It might be an error if a semaphore is destroyed while there are any * holders of the semaphore (except perhaps the thread that release the * semaphore itself). We actually have to assume that the caller knows @@ -592,6 +594,8 @@ void nxsem_destroyholder(FAR sem_t *sem) #endif nxsem_foreachholder(sem, nxsem_recoverholders, NULL); + + leave_critical_section(flags); } /****************************************************************************