time: prevent a panic from leaving the timer mutex held

When deleting a timer, a panic due to nil deref would leave a lock held, possibly leading to a deadlock in a defer. Instead return false on a nil timer. Fixes #5745. R=golang-dev, daniel.morsing, dvyukov, rsc, iant CC=golang-dev https://golang.org/cl/10373047

time: prevent a panic from leaving the timer mutex held
When deleting a timer, a panic due to nil deref would leave a lock held, possibly leading to a deadlock in a defer. Instead return false on a nil timer. Fixes #5745. R=golang-dev, daniel.morsing, dvyukov, rsc, iant CC=golang-dev https://golang.org/cl/10373047
0286b473 · Jeff R. Allen · Russ Cox · b86f6c92 · 0286b473 · 0286b473
Commit 0286b473 authored Jul 02, 2013 by Jeff R. Allen Committed by Russ Cox Jul 02, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 0 deletions

time.goc src/pkg/runtime/time.goc +5 -0

sleep_test.go src/pkg/time/sleep_test.go +20 -0

No files found.
--- a/src/pkg/runtime/time.goc
+++ b/src/pkg/runtime/time.goc
@@ -131,6 +131,11 @@ runtime·deltimer(Timer *t)
 {
 	int32 i;

+	// Dereference t so that any panic happens before the lock is held.
+	// Discard result, because t might be moving in the heap.
+	i = t->i;
+	USED(i);
+
 	runtime·lock(&timers);

 	// t may not be registered anymore and may have

--- a/src/pkg/time/sleep_test.go
+++ b/src/pkg/time/sleep_test.go
@@ -314,3 +314,23 @@ func TestOverflowSleep(t *testing.T) {
 		t.Fatalf("negative timeout didn't fire")
 	}
 }
+
+// Test that a panic while deleting a timer does not leave
+// the timers mutex held, deadlocking a ticker.Stop in a defer.
+func TestIssue5745(t *testing.T) {
+	ticker := NewTicker(Hour)
+	defer func() {
+		// would deadlock here before the fix due to
+		// lock taken before the segfault.
+		ticker.Stop()
+
+		if r := recover(); r == nil {
+			t.Error("Expected panic, but none happened.")
+		}
+	}()
+
+	// cause a panic due to a segfault
+	var timer *Timer
+	timer.Stop()
+	t.Error("Should be unreachable.")
+}