Bug 9939

Summary: MCheck is not thread safe - can report false errors on multi threaded apps
Product: glibc
Component: libc
Version: 2.4
Status: RESOLVED WONTFIX
Severity: normal
Priority: P2
Target Milestone: ---
Reporter: Wayne Johnson <wdtj>
Assignee: Ulrich Drepper <drepper.fsp>
CC: fweimer, glibc-bugs, jan
Flags: fweimer: security-
See Also: https://sourceware.org/bugzilla/show_bug.cgi?id=24886
https://sourceware.org/bugzilla/show_bug.cgi?id=31957
Host: Target:
Build: Last reconfirmed:

Description Wayne Johnson 2009-03-11 15:08:27 UTC
MCheck is not thread safe - can report false errors on multi threaded apps.  

mcheck.c uses the __malloc_hook (et al) feature of malloc.c & arena.c to
intercept memory requests.  During its processing, it swaps the _hooks back to
their original values and recursively calls the memory request in order to do
the actual memory request.  While this hook is swapped out, another thread could
call the memory request and at that point get memory that bypassed mcheck.  This
memory will then be reported as corrupt if it is freed with the mcheck hook back
in place.

Possible fixes:
1) Add linkage to malloc.c's _int_malloc (et al) functions that would allow
mcheck to access the memory allocation without having to go through the code
implementing the hooks.

2) Change or add a new hook set that allows the hooker to wrap the call, not
just intercept it.

3) Write a separate memory pool routine for use in mcheck.  (yuck).
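
The window described in the report above, as a deterministic single-threaded model added here for illustration; it is not glibc's mcheck.c and not code from the reporter. The names model_malloc, checking_hook and window_cb and the tag value are hypothetical, and the model always reserves the header so that the tag read stays in bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HDR   16            /* header bytes before each user pointer */
#define MAGIC 0x4d43484bU   /* constructed tag value */
static void *(*alloc_hook)(size_t);   /* models __malloc_hook */
static void (*window_cb)(void);       /* models a second thread running in the window */
static void *racing_block;

/* Models malloc(): dispatch through the hook when one is installed. */
static void *model_malloc(size_t n) {
    if (alloc_hook) return alloc_hook(n);
    unsigned char *raw = calloc(1, HDR + n);  /* header reserved, left untagged */
    return raw ? raw + HDR : NULL;
}

/* Models the checking hook: swap out, recurse, swap back, tag the block. */
static void *checking_hook(size_t n) {
    alloc_hook = NULL;                        /* hook swapped out */
    void *p = model_malloc(n);
    if (window_cb) window_cb();               /* other thread allocates here */
    alloc_hook = checking_hook;               /* hook back in place */
    if (p) *(uint32_t *)((unsigned char *)p - HDR) = MAGIC;
    return p;
}

/* Models free() with the check active: 0 = tag valid, -1 = reported corrupt. */
static int model_free(void *p) {
    if (!p) return 0;
    unsigned char *raw = (unsigned char *)p - HDR;
    int verdict = (alloc_hook && *(uint32_t *)raw != MAGIC) ? -1 : 0;
    free(raw);
    return verdict;
}

static void other_thread(void) { racing_block = model_malloc(32); }
/* Verdict for a block allocated inside (1) or outside (0) the window. */
static int run_scenario(int in_window) {
    alloc_hook = checking_hook;
    window_cb = in_window ? other_thread : NULL;
    void *mine = model_malloc(32);
    if (!in_window) racing_block = model_malloc(32);
    int mine_v = model_free(mine), other_v = model_free(racing_block);
    return mine_v == 0 ? other_v : -2;
}
int main(void) {
    return printf("outside: %d, inside: %d\n", run_scenario(0), run_scenario(1)) < 0;
}
```

The block handed out inside the window is intact but untagged, so the check at free time flags it although nothing overwrote it.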

Comment 1 Ulrich Drepper 2009-03-11 15:14:19 UTC
This is by design.  This can never be changed without breaking various ABIs.