Bug 21032 - pthread_key_create() destructors and segfault after a DSO unloading
Alias: None
Product: glibc
Classification: Unclassified
Component: nptl
Version: 2.24
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Depends on:
Reported: 2017-01-07 20:14 UTC by Leo Yuriev
Modified: 2018-03-28 12:16 UTC
CC List: 2 users

See Also:
Last reconfirmed:
fweimer: security-


Description Leo Yuriev 2017-01-07 20:14:33 UTC
pthread_key_create() and __nptl_deallocate_tsd() do not track references to the destructor's DSO the way __cxa_thread_atexit_impl() does.

Therefore the DSO, which holds a destructor's code, could be unloaded before destructor execution or before deleting a corresponding key.

So in a complex environment there is no way to know whether it is safe to unload a particular DSO or whether some TLS destructors are still left.

Suggest this should be fixed or documented, e.g. that pthread_key_create() with a destructor should not be used from lib.so.
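The lifetime problem described in this report, together with one library-side mitigation, as an added example (not code from the report or from glibc). Everything is kept in one file so it runs stand-alone: `plugin_tls_dtor` stands in for a destructor whose code lives in a dlopen()ed DSO, and `plugin_fini` is what such a DSO would run from an `__attribute__((destructor))` function when dlclose() is called. All names are hypothetical.

```c
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>

static pthread_key_t key;
static int dtor_calls;                 /* destructor invocations seen so far */
static sem_t value_set, may_exit;

/* Stands in for a destructor located inside the plugin DSO (assumption). */
static void plugin_tls_dtor(void *p) { (void)p; dtor_calls++; }

/* What the plugin would do at unload time: drop the key, so libc no longer
   holds a callable pointer into the DSO's text. */
static void plugin_fini(void) { pthread_key_delete(key); }

static void *worker(void *arg)
{
    pthread_setspecific(key, arg);     /* non-NULL value arms the destructor */
    sem_post(&value_set);
    sem_wait(&may_exit);               /* thread outlives the unload point */
    return NULL;
}

/* Returns how often the destructor ran when the worker thread exited.
   A non-zero result is a call that would land in unmapped memory if the
   DSO holding plugin_tls_dtor had really been dlclose()d in between. */
int dtor_calls_at_thread_exit(int delete_key_on_unload)
{
    pthread_t t;
    int dummy = 0;

    dtor_calls = 0;
    sem_init(&value_set, 0, 0);
    sem_init(&may_exit, 0, 0);
    pthread_key_create(&key, plugin_tls_dtor);
    pthread_create(&t, NULL, worker, &dummy);
    sem_wait(&value_set);
    if (delete_key_on_unload)
        plugin_fini();                 /* the point where dlclose() would run */
    sem_post(&may_exit);
    pthread_join(t, NULL);
    if (!delete_key_on_unload)
        pthread_key_delete(key);       /* tidy up for the next call */
    sem_destroy(&value_set);
    sem_destroy(&may_exit);
    return dtor_calls;
}

int main(void)
{
    printf("key kept:    %d destructor call(s)\n", dtor_calls_at_thread_exit(0));
    printf("key deleted: %d destructor call(s)\n", dtor_calls_at_thread_exit(1));
    return 0;
}
```

Deleting the key only stops the late call; values still stored by other threads are not passed to the destructor, so the library has to release them itself.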
Comment 1 Leo Yuriev 2018-03-28 12:16:25 UTC
Related to bugs 18136, 21031.