Hi, all

After reading min_heap.h, I found that min_heap_pop may have a bug.

struct event* min_heap_pop(min_heap_t* s)
{
    if(s->n)
    {
        struct event* e = *s->p;
        e->min_heap_idx = -1;
        min_heap_shift_down_(s, 0u, s->p[--s->n]);
        return e;
    }   
    return 0;
}

( e->min_heap_idx = -1 ) comes before ( min_heap_shift_down_ ),
but e->min_heap_idx may be changed in min_heap_shift_down_.

The following source code, which calls min_heap_erase after min_heap_pop
with the same event, will cause a core dump.

#include "min_heap.h"

int main( int argc, char * argv[] )
{
        min_heap_t heap;
        struct event ev, * evp;

        min_heap_ctor( &heap );
        min_heap_push( &heap, &ev );

        evp = min_heap_pop( &heap );
        min_heap_erase( &heap, evp );

        return 0;
}

The following min_heap_pop could fix this problem.
Reverse the order of ( e->min_heap_idx = -1 ) and ( min_heap_shift_down_ ),
because min_heap_erase will detect the event->min_heap_idx.

struct event* min_heap_pop(min_heap_t* s)
{
    if(s->n)
    {
        struct event* e = *s->p;
        min_heap_shift_down_(s, 0u, s->p[--s->n]);
        e->min_heap_idx = -1;
        return e;
    }   
    return 0;
}

liusifan
2008-06-12

_______________________________________________
Libevent-users mailing list
Libevent-users@monkey.org
http://monkeymail.org/mailman/listinfo/libevent-users
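
Added example (not part of the original post and not libevent's min_heap.h): a simplified model of the heap showing which index the popped event is left with under each statement order. The names struct ev, struct heap, pop and idx_after_pop are hypothetical, and the model assumes int keys and a fixed array.

```c
#include <stdio.h>

/* Simplified model (assumption): int keys, fixed array of at most 8 events. */
struct ev { int key; int idx; };
struct heap { struct ev *p[8]; unsigned n; };

/* Sink e from `hole`, updating the stored index of every element it places. */
static void shift_down(struct heap *s, unsigned hole, struct ev *e)
{
    unsigned c = 2 * hole + 1;
    while (c < s->n) {
        if (c + 1 < s->n && s->p[c + 1]->key < s->p[c]->key)
            c++;
        if (e->key <= s->p[c]->key)
            break;
        (s->p[hole] = s->p[c])->idx = (int)hole;
        hole = c;
        c = 2 * hole + 1;
    }
    (s->p[hole] = e)->idx = (int)hole;
}

static struct ev *pop(struct heap *s, int fixed)
{
    if (!s->n) return 0;
    struct ev *e = s->p[0];
    if (!fixed) e->idx = -1;          /* original order: cleared first */
    shift_down(s, 0u, s->p[--s->n]);  /* when n was 1, s->p[0] is e itself */
    if (fixed) e->idx = -1;           /* proposed order: cleared last */
    return e;
}

/* Build a heap of `count` events (ascending keys), pop once, report e->idx. */
int idx_after_pop(int fixed, int count)
{
    struct heap h = { {0}, 0 };
    struct ev evs[8];
    for (int i = 0; i < count; i++) {
        evs[i].key = evs[i].idx = i;
        h.p[h.n++] = &evs[i];
    }
    return pop(&h, fixed)->idx;
}

int main(void)
{
    printf("original order, 1 event: idx=%d\n", idx_after_pop(0, 1));
    printf("proposed order, 1 event: idx=%d\n", idx_after_pop(1, 1));
}
```

In this model the stale index appears only when the heap holds a single event, because that is the case where the last element handed to the shift-down step is the popped event itself.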
