This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug locale/22062] New: Data race when reading configuration in iconv/gconv_conf.c
- From: "arjun.is at lostca dot se" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 01 Sep 2017 11:40:35 +0000
- Subject: [Bug locale/22062] New: Data race when reading configuration in iconv/gconv_conf.c
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=22062
Bug ID: 22062
Summary: Data race when reading configuration in iconv/gconv_conf.c
Product: glibc
Version: 2.26
Status: NEW
Severity: normal
Priority: P2
Component: locale
Assignee: unassigned at sourceware dot org
Reporter: arjun.is at lostca dot se
Target Milestone: ---
In iconv/gconv_conf.c:
__gconv_read_conf() does a lockless read on __gconv_path_elem (which can
potentially be written by another thread under a lock) to check if it is
already set or still NULL; if it is NULL, it calls __gconv_get_path() to set
it.
The code in __gconv_get_path() appears to (under a lock) first populate the
structure(s) pointed to by __gconv_path_elem and *then* set the pointer
variable itself.
This makes it appear that if thread 1 is executing __gconv_read_path() and does
the NULL test, and thread 2 is executing __gconv_get_path(), it would never
happen that the pointer is non-NULL while the block it points to is not
initialized. But potentially the processor can reorder the stores in thread 2
in a way that the pointer variable is set before the structure it points to is
filled out. This can lead to thread 1 operating on an uninitialized or
partially initialized structure array.
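The publication pattern the report describes, written with C11 release/acquire ordering so that a reader who sees a non-NULL pointer also sees the filled-in structure. This is an added example, not glibc code and not a patch from the reporter; `struct path_elem`, `path_elem_ptr`, `init_path`, `get_path` and the sample directory string are hypothetical stand-ins.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the path element array; not glibc's type. */
struct path_elem { const char *name; size_t len; };

static _Atomic(struct path_elem *) path_elem_ptr;  /* NULL until published */
static pthread_mutex_t path_lock = PTHREAD_MUTEX_INITIALIZER;
static int init_runs;  /* slow-path initializations, guarded by path_lock */

/* Writer side: fill the structure first, then publish the pointer. */
static void init_path(void)
{
    pthread_mutex_lock(&path_lock);
    /* Re-check under the lock: another thread may have initialized it. */
    if (atomic_load_explicit(&path_elem_ptr, memory_order_relaxed) == NULL) {
        struct path_elem *p = calloc(2, sizeof *p);  /* NULL-terminated array */
        if (p != NULL) {
            p[0].name = "/constructed/sample/dir/";  /* constructed value */
            p[0].len = strlen(p[0].name);
            init_runs++;
            /* Release store: the writes to p[] above become visible to any
               thread whose acquire load observes this pointer value. A plain
               store here would allow the reordering the report describes. */
            atomic_store_explicit(&path_elem_ptr, p, memory_order_release);
        }
    }
    pthread_mutex_unlock(&path_lock);
}

/* Reader side: lockless fast path, safe because of the acquire load. */
const struct path_elem *get_path(void)
{
    struct path_elem *p =
        atomic_load_explicit(&path_elem_ptr, memory_order_acquire);
    if (p == NULL) {
        init_path();
        p = atomic_load_explicit(&path_elem_ptr, memory_order_acquire);
    }
    return p;
}

/* Number of times the slow path actually populated the array. */
int get_init_runs(void)
{
    pthread_mutex_lock(&path_lock);
    int n = init_runs;
    pthread_mutex_unlock(&path_lock);
    return n;
}
```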