i#2049 burst_threads crash: fix race in clean call analysis

Fixes a race where a bailout callee's shared data is written to without a lock, resulting in crashes. Review-URL: https://codereview.appspot.com/310670043
DynamoRIO · Nov 1, 2016 · 4e9cc16 · 4e9cc16
1 parent 8617acc
commit 4e9cc16
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/core/arch/x86/clean_call_opt.c b/core/arch/x86/clean_call_opt.c
@@ -1253,17 +1253,16 @@ analyze_clean_call(dcontext_t *dcontext, clean_call_info_t *cci, instr_t *where,
             /* 4.2. decode the callee */
             decode_callee_ilist(dcontext, ci);
             /* 4.3. analyze the instrlist */
-            if (!ci->bailout)
+            if (ci->bailout) {
+                callee_info_init(ci);
+                ci->start = (app_pc)callee;
+            } else
                 analyze_callee_ilist(dcontext, ci);
             /* 4.4. add info into callee list */
             ci = callee_info_table_add(ci);
         }
         cci->callee_info = ci;
-        if (ci->bailout) {
-            callee_info_init(ci);
-            ci->start = (app_pc)callee;
-            LOG(THREAD, LOG_CLEANCALL, 2, "CLEANCALL: bailout "PFX"\n", callee);
-        } else {
+        if (!ci->bailout) {
             /* 5. aflags optimization analysis */
             analyze_clean_call_aflags(dcontext, cci, where);
             /* 6. register optimization analysis */