bugfix: proper synchronization on message destruction

The code was potentially race, at least on systems where
a memory barrier was needed. Fix not fully tested yet.

2 files changed, 5 insertions, 0 deletions

diff --git a/runtime/atomic.h b/runtime/atomic.h
index d15f78ee..2dbe7f52 100644
--- a/runtime/atomic.h
+++ b/runtime/atomic.h
@@ -48,6 +48,7 @@
 #else
 #	warning "atomic builtins not available, using nul operations"
 #	define ATOMIC_INC(data) (++(data))
+#	define ATOMIC_DEC_AND_FETCH(data) (--(data))
 #	define ATOMIC_FETCH_32BIT(data) (data)
 #	define ATOMIC_STORE_1_TO_32BIT(data) (data) = 1
 #endif
diff --git a/runtime/msg.c b/runtime/msg.c
index f4eb9414..346bbc5f 100644
--- a/runtime/msg.c
+++ b/runtime/msg.c
@@ -276,8 +276,10 @@ CODESTARTobjDestruct(msg)
 #	ifdef DO_HAVE_ATOMICS
 		currRefCount = ATOMIC_DEC_AND_FETCH(pThis->iRefCount);
 #	else
+		MsgLock(pThis);
 		currRefCount = --pThis->iRefCount;
 # 	endif
+// we need a mutex, because we may be suspended after getting the refcount but before
 	if(currRefCount == 0)
 	{
 		/* DEV Debugging Only! dbgprintf("msgDestruct\t0x%lx, RefCount now 0, doing DESTROY\n", (unsigned long)pThis); */
@@ -337,9 +339,11 @@ CODESTARTobjDestruct(msg)
 			rsCStrDestruct(&pThis->pCSPROCID);
 		if(pThis->pCSMSGID != NULL)
 			rsCStrDestruct(&pThis->pCSMSGID);
+		MsgUnlock(pThis);
 		funcDeleteMutex(pThis);
 	} else {
 		pThis = NULL; /* tell framework not to destructing the object! */
+		MsgUnlock(pThis);
 	}
 ENDobjDestruct(msg)