aisexec crash on exit

Cause:
As part of its exit procedure, ais cancels its worker thread then manually
processes any outstanding items that were still in the worker thread's queue.
The worker thread has a low priority so normally it does not execute any
further before ais finishes exiting, but if the main thread's exiting is
delayed for any reason, there is a chance the worker thread could execute and
try to process items which have already been processed and freed by the main
thread - often leading to the worker thread seeing NULL data and ultimately
causing a segmentation fault.

Fix:
Modified worker_thread_group_exit() so it does a pthread_join() after the
pthread_cancel() call, so that the worker thread always shuts down cleanly
before the main thread does its cleanup.

Author: Author: Mark McKinstry <mark.mckinstry@alliedtelesis.co.nz>




git-svn-id: http://svn.fedorahosted.org/svn/corosync/trunk@1658 fd59a12c-fef9-0310-b244-a6a79926bd2f

exec/wthread.c

@@ -183,6 +183,11 @@ void worker_thread_group_exit (
 
 	for (i = 0; i < worker_thread_group->threadcount; i++) {
 		pthread_cancel (worker_thread_group->threads[i].thread_id);
+
+		/* Wait for worker thread to exit gracefully before destroying
+		 * mutexes and processing items in the queue etc.
+		 */
+		pthread_join (worker_thread_group->threads[i].thread_id, NULL);
 		pthread_mutex_destroy (&worker_thread_group->threads[i].new_work_mutex);
 		pthread_cond_destroy (&worker_thread_group->threads[i].new_work_cond);
 		pthread_mutex_destroy (&worker_thread_group->threads[i].done_work_mutex);