This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nptl/20511] New: Invalid read on pthread_create with short-lived threads
- From: "dfnsonfsduifb at gmx dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 24 Aug 2016 11:36:25 +0000
- Subject: [Bug nptl/20511] New: Invalid read on pthread_create with short-lived threads
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20511
Bug ID: 20511
Summary: Invalid read on pthread_create with short-lived
threads
Product: glibc
Version: 2.24
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: nptl
Assignee: unassigned at sourceware dot org
Reporter: dfnsonfsduifb at gmx dot de
CC: drepper.fsp at gmail dot com
Target Milestone: ---
I noticed sporadically that pthread_create causes invalid reads. The effect is
particularly obvious when threads are extremely short-lived. I've built 2.24
from scratch and can reproduce the problem with it. Here's example code:
// gcc -O2 -Wall -Wextra -pthread -o ptc ptc.c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <pthread.h>
static void* do_nothing(void* arg) {
return arg;
}
int main(void) {
pthread_attr_t thread_attributes;
memset(&thread_attributes, 0, sizeof(thread_attributes));
if (pthread_attr_init(&thread_attributes)) {
perror("pthread_attr_init");
exit(EXIT_FAILURE);
}
pthread_attr_setdetachstate(&thread_attributes,
PTHREAD_CREATE_DETACHED);
for (int i = 0; i < 1000; i++) {
pthread_t tid;
if (pthread_create(&tid, &thread_attributes, do_nothing, NULL))
{
perror("pthread_create");
exit(EXIT_FAILURE);
}
}
return 0;
}
When run with valgrind:
==31206== Invalid read of size 1
==31206== at 0x4E41BE7: pthread_create@@GLIBC_2.2.5 (pthread_create.c:713)
==31206== by 0x40070B: main (in /home/joe/fractals-ng/libc_bug/ptc)
==31206== Address 0xa028d13 is not stack'd, malloc'd or (recently) free'd
==31206==
==31206==
==31206== Process terminating with default action of signal 11 (SIGSEGV)
==31206== Access not within mapped region at address 0xA028D13
==31206== at 0x4E41BE7: pthread_create@@GLIBC_2.2.5 (pthread_create.c:713)
==31206== by 0x40070B: main (in /home/joe/fractals-ng/libc_bug/ptc)
The offending access is
else
{
if (pd->stopped_start) <-- here! line 713
/* The thread blocked on this lock either because we're doing TD_CREATE
event reporting, or for some other reason that create_thread chose.
Now let it run free. */
lll_unlock (pd->lock, LLL_PRIVATE);
/* We now have for sure more than one thread. The main thread might
not yet have the flag set. No need to set the global variable
again if this is what we use. */
THREAD_SETMEM (THREAD_SELF, header.multiple_threads, 1);
}
Thank you for looking into this.
Cheers,
Johannes
--
You are receiving this mail because:
You are on the CC list for the bug.