runtime: fix heap memory corruption

With concurrent sweeping finc if modified by runfinq and queuefinalizer concurrently. Fixes crashes like this one: http://build.golang.org/log/6ad7b59ef2e93e3c9347eabfb4c4bd66df58fd5a Fixes #7324. Update #7396 LGTM=rsc R=golang-codereviews, minux.ma, rsc CC=golang-codereviews, khr https://golang.org/cl/67980043

runtime: fix heap memory corruption
With concurrent sweeping finc if modified by runfinq and queuefinalizer concurrently. Fixes crashes like this one: http://build.golang.org/log/6ad7b59ef2e93e3c9347eabfb4c4bd66df58fd5a Fixes #7324. Update #7396 LGTM=rsc R=golang-codereviews, minux.ma, rsc CC=golang-codereviews, khr https://golang.org/cl/67980043
ea875017 · Dmitriy Vyukov · 6e612ae0 · ea875017
Commit ea875017 authored Feb 24, 2014 by Dmitriy Vyukov
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

mgc0.c src/pkg/runtime/mgc0.c +3 -1

No files found.
--- a/src/pkg/runtime/mgc0.c
+++ b/src/pkg/runtime/mgc0.c
@@ -2551,7 +2551,7 @@ runfinq(void)
 				if(framecap < framesz) {
 					runtime·free(frame);
 					// The frame does not contain pointers interesting for GC,
-					// all not yet finalized objects are stored in finc.
+					// all not yet finalized objects are stored in finq.
 					// If we do not mark it as FlagNoScan,
 					// the last finalized object is not collected.
 					frame = runtime·mallocgc(framesz, 0, FlagNoScan|FlagNoInvokeGC);
@@ -2580,8 +2580,10 @@ runfinq(void)
 				f->ot = nil;
 			}
 			fb->cnt = 0;
+			runtime·lock(&gclock);
 			fb->next = finc;
 			finc = fb;
+			runtime·unlock(&gclock);
 		}
 		runtime·gc(1);	// trigger another gc to clean up the finalized objects, if possible
 	}