This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug locale/22062] New: Data race when reading configuration in iconv/gconv_conf.c


https://sourceware.org/bugzilla/show_bug.cgi?id=22062

            Bug ID: 22062
           Summary: Data race when reading configuration in
                    iconv/gconv_conf.c
           Product: glibc
           Version: 2.26
            Status: NEW
          Severity: normal
          Priority: P2
         Component: locale
          Assignee: unassigned at sourceware dot org
          Reporter: arjun.is at lostca dot se
  Target Milestone: ---

In iconv/gconv_conf.c:

__gconv_read_conf() does a lockless read on __gconv_path_elem (which can
potentially be written by another thread under a lock) to check if it is
already set or still NULL; if it is NULL, it calls __gconv_get_path() to set
it.

The code in __gconv_get_path() appears to (under a lock) first populate the
structure(s) pointed to by __gconv_path_elem and *then* set the pointer
variable itself.

This makes it appear that if thread 1 is executing __gconv_read_path() and does
the NULL test, and thread 2 is executing __gconv_get_path(), it would never
happen that the pointer is non-NULL while the block it points to is not
initialized. But potentially the processor can reorder the stores in thread 2
in a way that the pointer variable is set before the structure it points to is
filled out. This can lead to thread 1 operating on an uninitialized or
partially initialized structure array.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]