From 9338ea3f9d3f7db949001a461456e8ce0339a1b5 Mon Sep 17 00:00:00 2001
From: Sverker Eriksson <sverker@erlang.org>
Date: Fri, 18 May 2018 17:59:03 +0200
Subject: erts: Fix narrow race between ets:new and ets:delete

of same named table.

If other process does ets:delete
before ets:new has completely finished and done save_owned_table
then ets:delete might do delete_owned_table and deref wild pointers
in tb->common.owned.
---
 erts/emulator/beam/erl_db.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'erts/emulator/beam')

diff --git a/erts/emulator/beam/erl_db.c b/erts/emulator/beam/erl_db.c
index 3a29f8cf56..c1eaaeee06 100644
--- a/erts/emulator/beam/erl_db.c
+++ b/erts/emulator/beam/erl_db.c
@@ -1776,9 +1776,11 @@ BIF_RETTYPE ets_new_2(BIF_ALIST_2)
         ret = make_tid(BIF_P, tb);
 
     save_sched_table(BIF_P, tb);
+    save_owned_table(BIF_P, tb);
 
     if (is_named && !insert_named_tab(BIF_ARG_1, tb, 0)) {
         tid_clear(BIF_P, tb);
+        delete_owned_table(BIF_P, tb);
 
 	db_lock(tb,LCK_WRITE);
 	free_heir_data(tb);
@@ -1789,7 +1791,6 @@ BIF_RETTYPE ets_new_2(BIF_ALIST_2)
     }
     
     BIF_P->flags |= F_USING_DB; /* So we can remove tb if p dies */
-    save_owned_table(BIF_P, tb);
 
 #ifdef HARDDEBUG
     erts_fprintf(stderr,
-- 
cgit v1.2.3