This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug malloc/19243] reused_arena can pick an arena on the free list, leading to an assertion failure and reference count corruption

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Wed, 16 Dec 2015 11:46:45 +0000
Subject: [Bug malloc/19243] reused_arena can pick an arena on the free list, leading to an assertion failure and reference count corruption
Auto-submitted: auto-generated
References: <bug-19243-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=19243

--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  3da825ce483903e3a881a016113b3e59fd4041de (commit)
      from  f1aceee39289f97a420126c58007eba77fb2dd30 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3da825ce483903e3a881a016113b3e59fd4041de

commit 3da825ce483903e3a881a016113b3e59fd4041de
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Dec 16 12:39:48 2015 +0100

    malloc: Fix attached thread reference count handling [BZ #19243]

    reused_arena can increase the attached thread count of arenas on the
    free list.  This means that the assertion that the reference count is
    zero is incorrect.  In this case, the reference count initialization
    is incorrect as well and could cause arenas to be put on the free
    list too early (while they still have attached threads).

        * malloc/arena.c (get_free_list): Remove assert and adjust
        reference count handling.  Add comment about reused_arena
        interaction.
        (reused_arena): Add comments abount get_free_list interaction.
        * malloc/tst-malloc-thread-exit.c: New file.
        * malloc/Makefile (tests): Add tst-malloc-thread-exit.
        (tst-malloc-thread-exit): Link against libpthread.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                       |   11 ++
 malloc/Makefile                 |    4 +-
 malloc/arena.c                  |   12 ++-
 malloc/tst-malloc-thread-exit.c |  217 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 239 insertions(+), 5 deletions(-)
 create mode 100644 malloc/tst-malloc-thread-exit.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]