This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/14333] New: Fix the race between atexit() and exit()
- From: "penght at cn dot fujitsu.com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Fri, 06 Jul 2012 01:52:47 +0000
- Subject: [Bug libc/14333] New: Fix the race between atexit() and exit()
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14333
Bug #: 14333
Summary: Fix the race between atexit() and exit()
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: penght@cn.fujitsu.com
CC: carlos@systemhalted.org, drepper.fsp@gmail.com
Classification: Unclassified
Created attachment 6511
--> http://sourceware.org/bugzilla/attachment.cgi?id=6511
The Patch can fix the race betweent atexit() and exit()
exit() uses global variable __exit_funcs indirectly, which are not protected.
It is not safe in multithread circumstance.
When call exit() and atexit() simultaneously in multithread circumstance,
the following case will cause unsafe.
The case has main process A and thread B.
a. thread B call atexit()
b. process A call exit() to traverse the __exit_funcs list
c. thread B call calloc() to create a new entry p, and next to listp:
p->next = *listp;
d. process A modify listp to cur's next, then free cur:
*listp = cur->next;
e. thread B modify listp to p:
*listp = p;
f. when get f, the f is undefined:
const struct exit_function *const f =
&cur->fns[--cur->idx];
g. programme may be Segmentation fault
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.