Great catch, guys. This probably saved Jeff, Greg and me some major-league
headaches in the future :-)
Bill
Brad Nicholes wrote:
I think we just discovered what the real source of the problem is. It
appears that apr_pool_create_ex() is trying to extract the mutex from
the wrong allocator when an allocator is specified. When it tries to
get the mutex, it uses the parent allocator if one was not passed in. If
an allocator was passed in, then it uses that one instead, which is wrong.
The mutex from the allocator that was passed in does not protect the
parent, but the code still manipulates it anyway. This means that two or
more threads could overwrite parent->child simply because the wrong
mutex was locked or no mutex was locked at all (in our case). The call
to apr_allocator_mutex_get() should use "parent->allocator" not
"allocator". If you look at apr_pool_destroy() it is doing it
correctly. Otherwise this code is not thread safe.
Brad
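
An added illustration of the race described above, not part of the original thread and not APR source: a simplified C model in which the struct layout, pool_create(), stress() and the buggy flag are all assumptions made for the example. With buggy set to 0 the parent allocator's mutex guards the update of parent->child; with buggy set to 1 the passed-in allocator's mutex is locked instead, as the message describes.

```c
#include <pthread.h>
#include <stdlib.h>
/* Simplified model for illustration, not APR source. */
typedef struct allocator { pthread_mutex_t mutex; } allocator;
typedef struct pool { struct pool *parent, *child, *sibling;
                      allocator *alloc; } pool;
typedef struct { pool *parent; allocator *own; int n, buggy; } job;

/* buggy != 0 models the flaw in the message: lock the passed-in allocator's
 * mutex, which does not guard parent->child. buggy == 0 locks the parent's. */
pool *pool_create(pool *parent, allocator *passed, int buggy)
{
    allocator *guard = (buggy && passed) ? passed : parent->alloc;
    pool *p = calloc(1, sizeof *p);      /* never freed: demo only */
    if (p == NULL) return NULL;
    p->alloc = passed ? passed : parent->alloc;
    p->parent = parent;
    pthread_mutex_lock(&guard->mutex);
    p->sibling = parent->child;          /* shared list update */
    parent->child = p;
    pthread_mutex_unlock(&guard->mutex);
    return p;
}

static void *worker(void *arg)
{
    job *j = arg;
    for (int i = 0; i < j->n; i++)
        pool_create(j->parent, j->own, j->buggy);
    return NULL;
}

/* Up to 16 threads, each with its own allocator, add children to one parent;
 * returns how many children ended up linked (a shortfall means lost updates). */
int stress(int nthreads, int per_thread, int buggy)
{
    allocator root_alloc = { PTHREAD_MUTEX_INITIALIZER }, own[16];
    pool root = { NULL, NULL, NULL, &root_alloc };
    job jobs[16]; pthread_t tid[16]; int linked = 0;
    for (int i = 0; i < nthreads && i < 16; i++) {
        pthread_mutex_init(&own[i].mutex, NULL);
        jobs[i] = (job){ &root, &own[i], per_thread, buggy };
        pthread_create(&tid[i], NULL, worker, &jobs[i]);
    }
    for (int i = 0; i < nthreads && i < 16; i++)
        pthread_join(tid[i], NULL);
    for (pool *c = root.child; c != NULL; c = c->sibling) linked++;
    return linked;
}
```

With buggy set to 0, stress(8, 20000, 0) always links all 160000 children; with buggy set to 1 and more than one thread, the count can come up short because each thread holds a different mutex while updating the same list head.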