Hi Martin,

On Sun, Nov 21, 2010 at 3:04 AM, Martin Sustrik <sust...@250bpm.com> wrote:
> Dhammika,
>
>> engine:out_event() is triggering finalise_initialization(), there we
>> pass it to the
>> other thread and receiving thread deletes engine.
>> But in out_event() first thread again dereferences same engine object
>> after get_data(),
>>
>>
>> void zmq::zmq_engine_t::out_event ()
>> {
>>     //  If write buffer is empty, try to read new data from the encoder.
>>     if (!outsize) {
>>
>>         outpos = NULL;
>>         encoder.get_data (&outpos,&outsize);
>
> Ah! I think I finally got it. At this point the engine is already unplugged
> (unplugging happens inside of get_data call).
>
> So something like this would solve the problem:
>
>              if (!plugged)
>                  return;
>
> Right?
>


if (!plugged) is dereferencing this->plugged, but we've deleted this
object (engine).
So it's going to access deleted memory.

A different option is to move engine deletion to a proxy object or to a
static method.


Dhammika
_______________________________________________
zeromq-dev mailing list
zeromq-dev@lists.zeromq.org
http://lists.zeromq.org/mailman/listinfo/zeromq-dev
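
An added example, not part of the original message and not ZeroMQ code: a sketch of the "static method" option raised above, where the outcome of get_data() is returned by value and the engine is destroyed at one explicit point, so no member is read after deletion. The engine_t type, its fields and the single-threaded hand-off are assumptions made for illustration.

```cpp
#include <cstddef>
#include <memory>

// Hypothetical stand-in for the engine discussed in the thread; not ZeroMQ code.
struct engine_t {
    bool handoff_pending;     // constructed: true when get_data() ends initialisation
    std::size_t outsize = 0;
    static int live;          // live-object count, so destruction is observable

    explicit engine_t (bool handoff_) : handoff_pending (handoff_) { ++live; }
    ~engine_t () { --live; }

    // Returns false when the engine has to be handed off and destroyed.
    // It never deletes 'this'; it only reports the outcome by value.
    bool get_data ()
    {
        if (handoff_pending)
            return false;
        outsize = 16;         // constructed: pretend the encoder produced 16 bytes
        return true;
    }

    // Static, so there is no 'this' left to touch once the engine is gone.
    // The owning pointer is reset here, so the caller cannot reuse it either.
    static std::size_t out_event (std::unique_ptr<engine_t> &self)
    {
        if (!self)
            return 0;
        // Unsafe shape from the thread: the engine is deleted during get_data()
        // and out_event() then reads members (e.g. plugged) of the freed object.
        bool alive = self->get_data ();   // result lives on the stack
        if (!alive) {
            self.reset ();                // single, explicit point of deletion
            return 0;
        }
        return self->outsize;             // safe: engine is still owned here
    }
};
int engine_t::live = 0;

int main ()
{
    std::unique_ptr<engine_t> a (new engine_t (false)), b (new engine_t (true));
    engine_t::out_event (a);
    engine_t::out_event (b);
    return (a && !b) ? 0 : 1;
}
```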
