This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug linuxthreads/4338] New: pthread_create / pthread_exit -- use of partially uninitialized buffer


Hi,

Valgrind ( http://valgrind.org/ ) detects use of uninitialized values when
pthread_create / pthread_exit are writing on the thread's communication pipes.
We're using a quite old glibc (2.1), so maybe the problem is fixed now (tell me).

Here is a sample thread test program:

#include <stdlib.h>
#include <stdio.h>
#include <pthread.h>
#include <unistd.h>

/* Worker thread: prints a few progress lines, sleeps, then exits via
 * pthread_exit (the second call Valgrind complains about). */
static void * thread_func (void * param)
{
        param = NULL;   /* silence the unused-parameter warning from -W */

        printf ("Thread created\n");
        usleep(200000);
        printf ("Thread working\n");
        usleep(1200000);
        printf ("Thread ended\n");
        pthread_exit(NULL);
}

int main(void)
{
        pthread_t thread_id;

        /* pthread_create is the first call Valgrind complains about. */
        if (pthread_create(&thread_id, NULL, thread_func, NULL) == 0)
        {
                printf ("Printing on main thread\n");
                usleep(500000);
                printf ("Main thread working...\n");
                usleep(500000);
                printf ("Main thread waiting for created thread\n");
                pthread_join(thread_id, NULL);
        }
        printf ("Program end\n");
        return 0;
}

Compiled with:

$ gcc -Wall -W testpthread.c -lrt


Here is the normal output:

$ ./a.out
Printing on main thread
Thread created
Thread working
Main thread working...
Main thread waiting for created thread
Thread ended
Program end



Here is Valgrind's dump:

> valgrind ./a.out
==30172== Memcheck, a memory error detector.
==30172== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==30172== Using LibVEX rev 1732, a library for dynamic binary translation.
==30172== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==30172== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==30172== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==30172== For more details, rerun with: -v
==30172==
==30172== Syscall param write(buf) points to uninitialised byte(s)
==30172==    at 0x403A7FB: write (in /lib/i686/libpthread-0.10.so)
==30172==    by 0x4036BEB: pthread_create@@GLIBC_2.1 (in /lib/i686/libpthread-0.10.so)
==30172==    by 0x804850C: main (in ***/a.out)
==30172==  Address 0xBEFFE800 is on thread 1's stack
==30172==
==30172== Syscall param write(buf) points to uninitialised byte(s)
==30172==    at 0x403A7FB: write (in /lib/i686/libpthread-0.10.so)
==30172==    by 0x804850C: main (in ***/a.out)
==30172==  Address 0xBEFFE8FC is on thread 1's stack
Thread created
Printing on main thread
Thread working
Main thread working...
Main thread waiting for created thread
Thread ended
==30172==
==30172== Syscall param write(buf) points to uninitialised byte(s)
==30172==    at 0x403A7FB: write (in /lib/i686/libpthread-0.10.so)
==30172==    by 0x8048570: main (in ***/a.out)
==30172==  Address 0xBEFFE8DC is on thread 1's stack
Program end
==30172==
==30172== Syscall param write(buf) points to uninitialised byte(s)
==30172==    at 0x403A7FB: write (in /lib/i686/libpthread-0.10.so)
==30172==    by 0x40A99EF: exit (in /lib/i686/libc-2.3.2.so)
==30172==    by 0x4094A6E: (below main) (in /lib/i686/libc-2.3.2.so)
==30172==  Address 0xBEFFE8EC is on thread 1's stack
==30172==
==30172== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 16 from 4)
==30172== malloc/free: in use at exit: 11,392 bytes in 6 blocks.
==30172== malloc/free: 8 allocs, 2 frees, 12,748 bytes allocated.
==30172== For counts of detected errors, rerun with: -v
==30172== searching for pointers to 6 not-freed blocks.
==30172== checked 328,352 bytes.
==30172==
==30172== LEAK SUMMARY:
==30172==    definitely lost: 8,160 bytes in 1 blocks.
==30172==      possibly lost: 2,712 bytes in 4 blocks.
==30172==    still reachable: 520 bytes in 1 blocks.
==30172==         suppressed: 0 bytes in 0 blocks.
==30172== Rerun with --leak-check=full to see details of leaked memory.


Thanks

-- 
           Summary: pthread_create / pthread_exit -- use of partially
                    uninitialized buffer
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: linuxthreads
        AssignedTo: drow at false dot org
        ReportedBy: poletto at jeuxvideo dot com
                CC: glibc-bugs at sources dot redhat dot com
  GCC host triplet: linux-pc i386 glibc 2.1


http://sourceware.org/bugzilla/show_bug.cgi?id=4338


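Added illustration, not part of the bug report above and not glibc's own code: a constructed request record written over a pipe, the way a thread hands a request to a manager thread, once with its padding bytes left uninitialized (the pattern Memcheck reports as "Syscall param write(buf) points to uninitialised byte(s)") and once after clearing the whole record first. The struct, function names and the pipe round trip are assumptions for the demonstration; the padding count assumes a typical ABI where int is 4-byte aligned.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed request record: a char followed by an int leaves padding
 * bytes between the fields on typical ABIs (3 on x86 / x86-64). */
struct request {
    char tag;
    int  value;
};

/* Padding bytes the compiler inserted into struct request. */
size_t request_padding(void)
{
    return sizeof(struct request) - sizeof(char) - sizeof(int);
}

/* Writes one record to fd. With zero_first == 0 only the fields are
 * assigned, so the padding is whatever was on the stack: the pattern
 * Valgrind reports as "write(buf) points to uninitialised byte(s)".
 * With zero_first != 0 the record is cleared first and every byte
 * handed to write() is defined. Returns bytes written or -1. */
ssize_t send_request(int fd, int zero_first, char tag, int value)
{
    struct request req;
    if (zero_first)
        memset(&req, 0, sizeof req);
    req.tag = tag;
    req.value = value;
    return write(fd, &req, sizeof req);
}

/* Round-trips one record through a pipe, the way a thread hands a
 * request to a manager thread. Returns the received value or -1. */
int roundtrip_value(int zero_first, char tag, int value)
{
    int fds[2];
    struct request got;
    int result = -1;
    if (pipe(fds) != 0)
        return -1;
    if (send_request(fds[1], zero_first, tag, value) == (ssize_t)sizeof got
        && read(fds[0], &got, sizeof got) == (ssize_t)sizeof got
        && got.tag == tag)
        result = got.value;
    close(fds[0]);
    close(fds[1]);
    return result;
}
```

Both variants deliver the same fields, so the defect is invisible to a functional test; only running the zero_first == 0 path under Valgrind shows the uninitialised bytes reaching the kernel, which is why clearing (or fully initializing) any record handed to write() is the fix.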
