This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/13579] do_lookup_x may access dangling memory
- From: "gauryogesh.nsit at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 12 Feb 2013 01:36:08 +0000
- Subject: [Bug dynamic-link/13579] do_lookup_x may access dangling memory
- Auto-submitted: auto-generated
- References: <bug-13579-131@http.sourceware.org/bugzilla/>
http://sourceware.org/bugzilla/show_bug.cgi?id=13579
Yogesh Gaur <gauryogesh.nsit at gmail dot com> changed:
What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |gauryogesh.nsit at gmail dot com
--- Comment #17 from Yogesh Gaur <gauryogesh.nsit at gmail dot com> 2013-02-12 01:36:08 UTC ---
I know this issue is closed, but for anyone who needs to see the exact test
case with which this bug can be reproduced using simple C test code, please
find a simple C test case below:
***************************** Source Code ***********************************
yogesh$ cat lib1.c
#include <stdio.h>
/* Defined in lib2.so, which lib1.so is linked against. */
int lib2_func(void);
int lib1_func()
{
    return lib2_func();
}
----------------------------------------------
yogesh$ cat lib2.c
#include <stdio.h>
int lib2_func()
{
    return 10;
}
----------------------------------------------
yogesh$ cat main.c
#include <stdio.h>
#include <dlfcn.h>
#include <pthread.h>
/* Shared by main and every thread, with no synchronization. */
void *handle;
/* Opens lib1.so, looks up a symbol from its dependency lib2.so, then closes it. */
static void *thread_abc(void *arg)
{
    handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
    void *func = dlsym (handle, "lib2_func");
    printf ("<thread_abc> Handle:%p, func:%p \n", handle, func);
    dlclose (handle);
    return NULL;
}
/* Same sequence as thread_abc, run concurrently with it. */
static void *thread_xyz(void *arg)
{
    handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
    void *func = dlsym (handle, "lib2_func");
    printf ("<thread_xyz> Handle:%p, func:%p \n", handle, func);
    dlclose (handle);
    return NULL;
}
int main()
{
    pthread_t abc_arr[1000], xyz_arr[1000];
    int i=0;
    handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
    void *func = dlsym (handle, "lib2_func");
    printf ("<main> Handle:%p, func:%p \n", handle, func);
    /* First batch of threads runs while main still holds its handle. */
    for (i=0;i<10;i++)
    {
        pthread_create(&abc_arr[i], NULL, thread_abc, NULL);
        pthread_create(&xyz_arr[i], NULL, thread_xyz, NULL);
    }
    printf ("<main> Handle:%p, func:%p \n", handle, func);
    dlclose (handle);
    /* Second batch is started after main has called dlclose. */
    for (i=0;i<1000;i++)
    {
        pthread_create(&abc_arr[i], NULL, thread_abc, NULL);
        pthread_create(&xyz_arr[i], NULL, thread_xyz, NULL);
    }
    /* Only the first 10 entries of each array are joined. */
    for (i=0;i<10;i++)
    {
        pthread_join(abc_arr[i], NULL);
        pthread_join(xyz_arr[i], NULL);
    }
    printf ("Returning from main\n");
    return 0;
}
************************** Compilation steps *********************
gcc -g -fPIC -shared -o lib2.so lib2.c &&
gcc -g -fPIC -shared -o lib1.so lib1.c ./lib2.so &&
gcc -g main.c ./lib1.so ./lib2.so -ldl -lpthread
*******************************************************************
With the above test case this issue is 100% reproducible.