This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/12847] New: dprintf/vdprintf can cause fork to fail (child process crash)


http://sourceware.org/bugzilla/show_bug.cgi?id=12847

           Summary: dprintf/vdprintf can cause fork to fail (child process
                    crash)
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: nvbolhuis@aimvalley.nl


Created attachment 5769
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5769
demo program that shows fork/system(3) can fail

If a multi-threaded application uses fork and dprintf
(by different threads at about the same time) the fork
can fail because the child process crashes in fresetlockfiles.

This problem can be easily reproduced on our powerpc 32-bit
system with the attached program (fork_fail_dprintf.c).
One thread uses system(3) (which is implemented with fork
and exec) to write strings to a file. This often fails.
If write(2) is used instead of dprintf, the problem is gone.

Our system uses glibc-2.7, linux-2.6.28 and has a single core
CPU (Freescale MPC8313).
I tried this with glibc-latest and the problem is still there.
Btw. somehow with glibc-latest the problem also occurs when using
write(2).
The problem does not occur on my host PC (FC8=glibc-2.7
on Intel Core i7).

I believe I found the root cause of this problem and it looks
to me like it's still there in glibc-latest.

dprintf adds to the global _IO_list_all a temporary
struct _IO_FILE_plus (tmpfil) for which member _lock is NULL.
If another thread kicks in and calls fork (before tmpfil has
been removed from _IO_list_all!) the child process will
crash in fresetlockfiles. This is because here it will
re-initialize the file locks by writing to the _lock member
(which is NULL!).
See:
http://sourceware.org/ml/libc-help/2011-05/msg00014.html
for the full story.

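A workaround sketch based on the report's observation that replacing dprintf with write(2) avoided the crash on the reporter's glibc-2.7 system. This is an added example, not part of the original report or its attached demo program; `fd_printf` and `write_all` are hypothetical names, and it assumes that vsnprintf's internal temporary stream is not linked into `_IO_list_all`.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, retrying on EINTR and short writes. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* fd_printf: hypothetical name, not a glibc function. Formats into memory
 * and hands the bytes to write(2), so no temporary FILE is created by
 * dprintf/vdprintf while another thread may be inside fork().
 * Returns the number of bytes written, or -1 on error. */
int fd_printf(int fd, const char *fmt, ...)
{
    char stackbuf[256], *buf = stackbuf;
    va_list ap;
    int need, rc;

    va_start(ap, fmt);
    need = vsnprintf(stackbuf, sizeof stackbuf, fmt, ap);
    va_end(ap);
    if (need < 0)
        return -1;
    if ((size_t)need >= sizeof stackbuf) {  /* truncated: format again */
        buf = malloc((size_t)need + 1);
        if (buf == NULL)
            return -1;
        va_start(ap, fmt);
        vsnprintf(buf, (size_t)need + 1, fmt, ap);
        va_end(ap);
    }
    rc = write_all(fd, buf, (size_t)need);
    if (buf != stackbuf)
        free(buf);
    return rc < 0 ? -1 : need;
}
```
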
