From 52ca68c770e9128940748bab72a5b103057166a8 Mon Sep 17 00:00:00 2001
From: Arun Sharma <asharma@fb.com>
Date: Fri, 16 Dec 2011 10:45:51 -0800
Subject: [PATCH] Fix a race condition

There is a window of time between the munmap and the tls_cache being
marked as destroyed, where there could be a bad access to memory that
has been unmapped/freed. Reorder the code a bit to close the window.

Signed-off-by: Paul Pluzhnikov <ppluzhnikov@google.com>
---
 src/x86_64/Gtrace.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/x86_64/Gtrace.c b/src/x86_64/Gtrace.c
index 2d787291..446610cb 100644
--- a/src/x86_64/Gtrace.c
+++ b/src/x86_64/Gtrace.c
@@ -66,10 +66,10 @@ trace_cache_free (void *arg)
 	  PTHREAD_DESTRUCTOR_ITERATIONS - cache->dtor_count);
     return;
   }
+  tls_cache_destroyed = 1;
+  tls_cache = NULL;
   munmap (cache->frames, (1u << cache->log_size) * sizeof(unw_tdep_frame_t));
   mempool_free (&trace_cache_pool, cache);
-  tls_cache = NULL;
-  tls_cache_destroyed = 1;
   Debug(5, "freed cache %p\n", cache);
 }