Bug 10560 - [PATCH] Avoid malloc deadlocks in assert() and friends
Summary: [PATCH] Avoid malloc deadlocks in assert() and friends
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Depends on:
Reported: 2009-08-25 19:03 UTC by Adam Jackson
Modified: 2017-07-11 23:59 UTC
CC List: 2 users

See Also:
Last reconfirmed:
fweimer: security-

glibc-mallocless-assert.patch (834 bytes, patch)
2009-08-25 19:03 UTC, Adam Jackson

Description Adam Jackson 2009-08-25 19:03:24 UTC
In chasing a malloc bookkeeping corruption bug in X, I hit the following deadlock:

#1  0x00a66873 in __lll_lock_wait_private () from /lib/libc.so.6
#2  0x009ef8b4 in _L_lock_9686 () from /lib/libc.so.6
#3  0x009ed914 in malloc () from /lib/libc.so.6
#4  0x009e1718 in vasprintf () from /lib/libc.so.6
#5  0x009c3eeb in asprintf () from /lib/libc.so.6
#6  0x0099dc3d in __assert_fail () from /lib/libc.so.6
#7  0x009ec47d in _int_malloc () from /lib/libc.so.6
#8  0x009ed91e in malloc () from /lib/libc.so.6
#9  0x0095ba15 in pcfReadFont () from /usr/lib/libXfont.so.1
#10 0x0095667b in ?? () from /usr/lib/libXfont.so.1
#11 0x00949d03 in ?? () from /usr/lib/libXfont.so.1
#12 0x0095a11f in BitmapOpenScalable () from /usr/lib/libXfont.so.1

Not awesome.  There's a number of ways around this, the most straightforward of
which seems to be gcc variable-length arrays and sprintf'ing the error string
into that.  Attached patch does this.

Other options would include walking the args to __assert_fail() directly.  I
don't really have an opinion, and am willing to implement whatever is preferred.
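The trace above shows the shape of the problem: frame #8 entered malloc() and took the arena lock, frame #7 tripped an internal assertion, and __assert_fail built its message with asprintf(), which re-enters malloc() and blocks on the lock the same thread already holds. The constraint on the reporter is therefore that it must not allocate. The following is an added example, not glibc code and not the attached patch, of an assertion reporter that meets that constraint: it formats the message with snprintf() into a fixed-size static buffer and writes it with write(2). Using a static global rather than a stack array also keeps the text reachable by a debugger in a core file, which is the objection Comment 3 raises against a VLA; the cost is a fixed maximum length. The buffer name nomalloc_abort_msg, the explicit progname argument (glibc reads __progname itself) and the sample file/function names in main() are this example's own, constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Capacity of the static message buffer.  A fixed size is the price of not
   calling malloc: anything longer is truncated rather than allocated. */
#define ABORT_MSG_CAP 1024

/* The formatted message lives in a static, named buffer.  Unlike a VLA on
   the failing thread's stack, a global symbol is easy to locate in a core
   file from a debugger.  Name and layout are this example's own, not
   glibc's __abort_msg. */
char nomalloc_abort_msg[ABORT_MSG_CAP];

/* Format an assertion failure in the wording glibc prints, without touching
   the heap.  progname is an explicit parameter here (constructed input;
   glibc uses __progname).  Returns the number of message bytes stored,
   excluding the terminating NUL. */
size_t format_assert_msg(const char *progname, const char *file,
                         unsigned int line, const char *function,
                         const char *assertion)
{
    const char *prog = progname ? progname : "";
    int n = snprintf(nomalloc_abort_msg, sizeof nomalloc_abort_msg,
                     "%s%s%s:%u: %s%sAssertion `%s' failed.\n",
                     prog, prog[0] ? ": " : "",
                     file, line,
                     function ? function : "", function ? ": " : "",
                     assertion);
    if (n < 0) {
        /* Encoding error: still leave something readable in the buffer. */
        static const char fallback[] = "Assertion failed (message unavailable).\n";
        memcpy(nomalloc_abort_msg, fallback, sizeof fallback);
        return sizeof fallback - 1;
    }
    if ((size_t)n >= sizeof nomalloc_abort_msg)
        n = (int)(sizeof nomalloc_abort_msg - 1); /* truncated; snprintf NUL-terminated it */
    return (size_t)n;
}

/* Emit the message with write(2) in a loop.  write() takes no user-space
   lock and allocates nothing, so it is safe while the caller sits inside
   malloc holding an arena lock; fprintf/asprintf are not.  Returns bytes
   written, or -1 on a write error other than EINTR. */
ssize_t report_assert_nomalloc(const char *progname, const char *file,
                               unsigned int line, const char *function,
                               const char *assertion)
{
    size_t len = format_assert_msg(progname, file, line, function, assertion);
    size_t done = 0;
    while (done < len) {
        ssize_t w = write(STDERR_FILENO, nomalloc_abort_msg + done, len - done);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        done += (size_t)w;
    }
    return (ssize_t)done;
}

/* Check the fixed-size path: an over-long assertion text must be cut to fit
   and remain NUL-terminated instead of overflowing or allocating. */
int truncation_is_bounded(void)
{
    char big[4 * ABORT_MSG_CAP];
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    size_t n = format_assert_msg("prog", "file.c", 1, "fn", big);
    return n == ABORT_MSG_CAP - 1
        && nomalloc_abort_msg[ABORT_MSG_CAP - 1] == '\0'
        && strlen(nomalloc_abort_msg) == ABORT_MSG_CAP - 1;
}

int main(void)
{
    /* Constructed call in the spirit of the trace above (names are made up). */
    report_assert_nomalloc("Xorg", "pcfread.c", 100, "pcfReadFont",
                           "font != NULL");
    return truncation_is_bounded() ? 0 : 1;
}
```

The format string mirrors the one glibc's assert output uses, so the message on the console is unchanged; what changes is that every byte of it is produced and delivered without a heap allocation or a stdio stream lock, which is exactly the property the deadlock above requires.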
Comment 1 Adam Jackson 2009-08-25 19:03:59 UTC
Created attachment 4150
Comment 2 Roland McGrath 2009-08-25 19:19:00 UTC
It's not at all clear to me why it doesn't use __fxprintf directly, or indeed
just use __dprintf.
Comment 3 Ulrich Drepper 2009-08-31 11:46:17 UTC
The reason malloc is used is so that in case you see a core file but no console
output you know what was going on.  Using the stack memory is not sufficient in
this case.  The __abort_msg variable was deliberately introduced and is visible
to the debugger and other tools.
Comment 4 Ulrich Drepper 2009-08-31 11:57:31 UTC
Fixed upstream.