Bug 11901

Summary: __libc_message(do_abort = 1) will deadlock if called from malloc
Product: glibc
Reporter: Adam Jackson <ajax>
Component: libc
Assignee: Ulrich Drepper <drepper.fsp>
Status: RESOLVED FIXED
Severity: normal
CC: glibc-bugs, walters
Priority: P2
Flags: fweimer: security-
Version: 2.13
Target Milestone: ---
Attachments: glibc-abort-deadlock-fix.patch

Description Adam Jackson 2010-08-10 18:00:07 UTC
... because it calls malloc itself.  It does this because it wants to preserve
the abort message in __abort_msg, which is noble enough, but deadlocking instead
of aborting is certainly not the intended result.
Comment 1 Adam Jackson 2010-08-10 18:01:38 UTC
Created attachment 4923: glibc-abort-deadlock-fix.patch

Allocate with sbrk instead.  This will leak if we call __libc_message() to
abort more than once, but there's not a lot to be done about that.
Comment 2 Colin 2011-03-02 19:34:03 UTC
A few thoughts on this:

* Potentially add another argument to _libc_fatal which says whether or not we can use malloc?
* Will calling sbrk confuse malloc if the program happens to catch SIGABRT?
* Use alloca instead of malloc if the buffer is "small"?  Actually, how about always using alloca, and truncating the message to say 1024 characters?
* Why are there duplicate copies of libc_fatal.c in the tree?
Comment 3 Colin 2011-03-02 20:14:39 UTC
See also:

https://bugzilla.redhat.com/show_bug.cgi?id=618743#c6
Comment 4 Ulrich Drepper 2011-05-15 04:35:28 UTC
I checked in a patch.
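The re-entrancy problem behind this bug, as an added C illustration that is not glibc code and not the attached patch: a fatal path that saves its message through the same lock-protected allocator that called it cannot make progress, while one that takes memory straight from the kernel can. The arena lock, the toy allocator and the `fatal_*` functions are constructed stand-ins; the lock is ERRORCHECK so the re-lock reports EDEADLK instead of hanging. The fixed variant uses mmap rather than the sbrk of the attachment; which approach the checked-in patch took is not stated on this page.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Constructed stand-in for malloc's arena lock; ERRORCHECK makes a re-lock
 * by the same thread return EDEADLK instead of deadlocking the demo. */
static pthread_mutex_t arena_lock = PTHREAD_ERRORCHECK_MUTEX_INITIALIZER_NP;
char *abort_msg;   /* plays the role of __abort_msg */

/* Toy allocator: takes the arena lock first, as malloc does. */
static void *toy_malloc(size_t n, int *err)
{
    *err = pthread_mutex_lock(&arena_lock);   /* EDEADLK if we already hold it */
    if (*err != 0) return NULL;
    void *p = malloc(n);
    pthread_mutex_unlock(&arena_lock);
    return p;
}

/* Buggy fatal path: preserves the message through the allocator itself. */
int fatal_save_via_malloc(const char *msg)
{
    int err;
    char *buf = toy_malloc(strlen(msg) + 1, &err);
    if (buf == NULL) return err;
    strcpy(buf, msg);
    abort_msg = buf;
    return 0;
}

/* Fixed fatal path: memory straight from the kernel, no allocator lock. */
int fatal_save_via_mmap(const char *msg)
{
    size_t len = strlen(msg) + 1;
    char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return errno;
    memcpy(buf, msg, len);
    abort_msg = buf;
    return 0;
}

/* Simulate malloc detecting corruption while holding its lock and calling
 * the fatal path; returns that path's status (EDEADLK or 0). */
int fatal_while_allocator_locked(int (*fatal)(const char *))
{
    pthread_mutex_lock(&arena_lock);
    int rc = fatal("malloc(): memory corruption");
    pthread_mutex_unlock(&arena_lock);
    return rc;
}
```

Called outside the allocator, both paths succeed; only the call from inside the locked allocator separates them.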