Bug 18564

Summary: Race condition in XNamespace.GetName()
Product: iOS Reporter: Jahmai <jahmai>
Component: Xamarin.iOS.dllAssignee: Bugzilla <bugzilla>
Status: VERIFIED FIXED    
Severity: normal CC: mono-bugs+monotouch, ramc, rolf
Priority: ---    
Version: 7.2.0   
Target Milestone: Untriaged   
Hardware: PC   
OS: Mac OS   
Tags: Is this bug a regression?: ---
Last known good build:

Description Jahmai 2014-03-25 03:20:32 UTC
We have been observing random crashes while creating XName instances, and have observed a race condition;

I am referring to the following method in System.Linq.Xml.XNamespace;

public XName GetName(string localName)
{
	if (this.table == null)
	{
// [1]
		this.table = new Dictionary<string, XName>();
	}
	object obj = this.table;
// [2]
	XName result;
	lock (obj)
	{
// [3]
		XName xName;
		if (!this.table.TryGetValue(localName, out xName))
		{
			xName = new XName(localName, this);
			this.table[localName] = xName;
		}
		result = xName;
	}
	return result;
}

If 2 or more threads enter this method at the same time, it is possible to allocation this.table multiple times, and access the same Dictionary instance for writing without a lock protecting it.

At [1], both threads can be here after the pre-condition succeeds and proceed to allocate this.table twice.

At [2], it is possible for thread 1 to have obj referencing the table allocated by thread 1, and thread 2 have obj referencing the table allocated by thread 2.

At [3], because both threads are locking on different instances of the Dictionary, yet accessing the same dictionary instance at this.table, this can result in corruption.
Comment 1 Rolf Bjarne Kvinge [MSFT] 2014-03-25 08:53:08 UTC
Fixed.

mono/master: b1babf0ff5cec3ab6d30107715d9a12fe7496607

https://github.com/mono/mono/commit/b1babf0ff5cec3ab6d30107715d9a12fe7496607
Comment 2 Ram Chandra 2014-06-03 11:05:45 UTC
I have checked the definition of "GetName()" method of  "XNamespace" class in "assembly browser" and I observed that the "GetName()" method is updated for the race condition.

Screencast: http://screencast.com/t/YL31mEZ9vi

This issue has been fixed. Hence, closing this issue 

Environment Info

=== Xamarin Studio ===

Version 5.1 (build 327)
Installation UUID: 449f40dd-b3f1-4028-9a6b-cca0d1a2307d
Runtime:
	Mono 3.4.0 ((no/c3fc3ba)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 304000204

=== Apple Developer Tools ===

Xcode 5.1.1 (5085)
Build 5B1008

=== Xamarin.iOS ===

Version: 7.2.99.420 (Enterprise Edition)
Hash: 5aa4bec
Branch: 
Build date: 2014-06-02 00:04:26-0400

=== Xamarin.Android ===

Version: 4.14.0 (Enterprise Edition)
Android SDK: /Users/360logicaxamarinmacmini/Desktop/android-sdk-macosx_Róbert_à
	Supported Android versions:
		1.6   (API level 4)
		2.1   (API level 7)
		2.2   (API level 8)
		2.3   (API level 10)
		3.1   (API level 12)
		3.2   (API level 13)
		4.0   (API level 14)
		4.0.3 (API level 15)
		4.1   (API level 16)
		4.2   (API level 17)
		4.3   (API level 18)
		4.4   (API level 19)
Java SDK: /usr
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-462-11M4609)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-462, mixed mode)

=== Xamarin.Mac ===

Xamarin.Mac: 1.8.0.7

=== Build Information ===

Release ID: 501000327
Git revision: 9a4bf62f59ec39169e4e9b61c3816a03c8ac961f
Build date: 2014-06-03 06:01:06-04
Xamarin addins: b68a34ef2fc4c46b045dc38e26fb199bfe1b201d

=== Operating System ===

Mac OS X 10.8.4
Darwin 360Logicas-Mac-mini.local 12.4.0 Darwin Kernel Version 12.4.0
    Sun Mar 10 18:01:10 PDT 2013
    root:xnu-2050.24.6~1/RELEASE_X86_64 x86_64