Sergey Bugaev, on Tue. 11 April 2023 11:00:27 +0300, wrote:
> Side note, I really really dislike this idea of some code still referencing
> port names that are no longer valid / deallocated / reused by someone else.
> This is really prone to use-after-frees. Typically we'd solve this by
> leaving a dead-name right in place of the port, and having
> mig_dealloc_reply_port () dealloc this dead name.
That could be better indeed. Rather than modifying refs under the hood, let
the code manage them.

> But in this case... we're fairly sure that the code really doesn't do
> anything with the name that it has, other than immediately calling
> mig_dealloc_reply_port () on it; and there'd have to be a separate code path
> for deallocating the dead name since mach_port_mod_refs (recv, -1) won't do
> it (mach_port_destroy would handle both, but using that is a terrible idea).
>
> So in order not to overcomplicate this, in this particular case, it should
> be fine to just deallocate the stored reply port and not what the user has,
> as you're saying. But it definitely needs a comment explaining this.

Completely agree :)

> And maybe an assert (port == arg || port == MACH_PORT_NULL).

If that does indeed work, yes :)

Samuel