Bug 11901 - __libc_message(do_abort = 1) will deadlock if called from malloc
Status: RESOLVED FIXED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: 2.13
Importance: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Reported: 2010-08-10 18:00 UTC by Adam Jackson
Modified: 2014-06-30 08:18 UTC
fweimer: security-


Attachments
glibc-abort-deadlock-fix.patch (523 bytes, patch)
2010-08-10 18:01 UTC, Adam Jackson

Description Adam Jackson 2010-08-10 18:00:07 UTC
... because it calls malloc itself.  It does this because it wants to preserve
the abort message in __abort_msg, which is noble enough, but deadlocking instead
of aborting is certainly not the intended result.
Comment 1 Adam Jackson 2010-08-10 18:01:38 UTC
Created attachment 4923
glibc-abort-deadlock-fix.patch

Allocate with sbrk instead.  This will leak if we call __libc_message() to
abort more than once, but there's not a lot to be done about that.
Comment 2 Colin 2011-03-02 19:34:03 UTC
A few thoughts on this:

* Potentially add another argument to _libc_fatal which says whether or not we can use malloc?
* Will calling sbrk confuse malloc if the program happens to catch SIGABRT?
* Use alloca instead of malloc if the buffer is "small"?  Actually, how about always using alloca, and truncating the message to say 1024 characters?
* Why are there duplicate copies of libc_fatal.c in the tree?
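
The failure mode from the description and the fixed-buffer idea from comment 2, as an added example that is not part of the bug report or of glibc's code. It models the allocator lock with a try-lock so the point where a blocking lock would hang shows up as an error return; `toy_alloc`, `report_heap`, `report_fixed`, `fail_inside_alloc` and the static `saved_msg` buffer (standing in for `__abort_msg` and for the alloca suggestion) are hypothetical names.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 1024                              /* truncation limit floated in comment 2 */
static atomic_flag arena_lock = ATOMIC_FLAG_INIT; /* models malloc's non-recursive lock */
static char saved_msg[MSG_MAX];                   /* hypothetical stand-in for __abort_msg */
static char pool[4096];                           /* constructed toy heap */
static size_t pool_used;

/* Toy allocator. Returns NULL at the point where a real blocking lock would
   wait forever because the calling thread already owns it. */
static void *toy_alloc(size_t n) {
    if (atomic_flag_test_and_set(&arena_lock))
        return NULL;                              /* lock already held: self-deadlock */
    void *p = (pool_used + n <= sizeof pool) ? pool + pool_used : NULL;
    if (p)
        pool_used += n;
    atomic_flag_clear(&arena_lock);
    return p;
}

/* Reporter that copies the message to the heap: the pattern the bug describes. */
static int report_heap(const char *msg) {
    char *copy = toy_alloc(strlen(msg) + 1);
    if (copy == NULL)
        return -1;                                /* real code hangs here instead of aborting */
    strcpy(copy, msg);
    return 0;
}

/* Reporter that never touches the allocator: fixed buffer, message truncated. */
static int report_fixed(const char *msg) {
    snprintf(saved_msg, sizeof saved_msg, "%s", msg);
    return 0;
}

/* Simulates the allocator hitting a fatal error while it holds its own lock. */
static int fail_inside_alloc(int (*report)(const char *), const char *msg) {
    atomic_flag_test_and_set(&arena_lock);        /* allocator enters its critical section */
    int rc = report(msg);                         /* fatal-error path runs under the lock */
    atomic_flag_clear(&arena_lock);
    return rc;
}

int main(void) {
    printf("heap reporter under lock:  %d\n", fail_inside_alloc(report_heap, "corrupted chunk"));
    printf("fixed reporter under lock: %d\n", fail_inside_alloc(report_fixed, "corrupted chunk"));
    return 0;
}
```
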
Comment 3 Colin 2011-03-02 20:14:39 UTC
See also:

https://bugzilla.redhat.com/show_bug.cgi?id=618743#c6
Comment 4 Ulrich Drepper 2011-05-15 04:35:28 UTC
I checked in a patch.