From bcc4a523b60996c6dfe0ce2ba2f0ace2bff4cb13 Mon Sep 17 00:00:00 2001
From: Michael Lotz
Date: Sat, 10 Dec 2011 21:23:35 +0100
Subject: [PATCH] Fix invalid use of iterator after erase and lock corruption.

* The call to _TeamDied() causes the team that the iterator points to be removed from the map. Therefore the iterator becomes invalid and may not be accessed anymore (including incrementing it). As we've had to unlock, anything might have happened to to map, so take the safe route and just start over.
* For each dead team that was found the AppManager was unlocked, but there were no balancing lock calls, therefore causing the lock count to get corrupted.
---
 src/servers/media/AppManager.cpp | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/servers/media/AppManager.cpp b/src/servers/media/AppManager.cpp
index c2d0afe8d6..083a871f42 100644
--- a/src/servers/media/AppManager.cpp
+++ b/src/servers/media/AppManager.cpp
@@ -189,7 +189,7 @@ AppManager::_BigBrotherEntry(void* self)
 void
 AppManager::_BigBrother()
 {
- status_t status;
+ status_t status = B_TIMED_OUT;
 BMessage ping('PING');
 BMessage reply;

@@ -197,6 +197,7 @@ AppManager::_BigBrother()
 if (!Lock())
 break;

+ bool startOver = false;
 AppMap::iterator iterator = fMap.begin();
 for (; iterator != fMap.end(); iterator++) {
 reply.what = 0;
@@ -207,11 +208,15 @@ AppManager::_BigBrother()
 Unlock();
 _TeamDied(team);
- continue;
+ startOver = true;
+ break;
 }
 }

- Unlock();
+ if (startOver)
+ continue;
+
+ Unlock();
 status = acquire_sem_etc(fQuit, 1, B_RELATIVE_TIMEOUT, 2000000);
 } while (status == B_TIMED_OUT || status == B_INTERRUPTED);
 }
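Review bot: The new initial value of `status` in the first hunk is load-bearing rather than cosmetic, and nothing in the code says so: the `continue` added in the third hunk reaches the do-while condition without a fresh `acquire_sem_etc()` result, so on a rescan during the very first pass `status` would otherwise be read uninitialised. A one-line comment would keep a later cleanup from reverting it to a bare declaration: `// Must be a "keep looping" value: the rescan path below reaches the loop condition without updating it.`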
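Review bot: The restart path in the third hunk skips the `acquire_sem_etc(fQuit, ...)` call, so after `_TeamDied()` the loop re-locks and rescans immediately and the quit semaphore is only consulted once a full pass finds no dead team; if a team could show up as dead again without being removed from `fMap` this would spin with no quit check, but whether `_TeamDied()` always removes the entry is not visible here. The lock state after the `for` loop now depends on `startOver` (already released inside the loop on that path, still held otherwise), which is easy to miss when reading `if (startOver) continue;` followed by `Unlock();`; a comment before the check would help: `// Already unlocked above: rescan from the start without waiting.` The `continue` also relies on `status` still holding a continue-the-loop value from the previous iteration, which ties this hunk to the initialisation in the first one. The do-while that `continue` targets begins outside this hunk.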