This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/13579] do_lookup_x may access dangling memory


http://sourceware.org/bugzilla/show_bug.cgi?id=13579

Bharath H S <bharath.vegito at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bharath.vegito at gmail dot
                   |                            |com

--- Comment #18 from Bharath H S <bharath.vegito at gmail dot com> 2013-02-21 11:45:49 UTC ---
(In reply to comment #17)
> I know this issue is closed, but for someone who needs to see the exact test
> case with which this bug is reproduced by simple C test code, please find
> the simple C test case below:
> ***************************** Source Code ***********************************
> yogesh$ cat lib1.c
> #include <stdio.h>
> 
> int lib1_func()
> {
>         return lib2_func();
> }
> ----------------------------------------------
> yogesh$ cat lib2.c
> #include <stdio.h>
> 
> int lib2_func()
> {
>         return 10;
> }
> ----------------------------------------------
> yogesh$ cat main.c
> #include <stdio.h>
> #include <dlfcn.h>
> #include <pthread.h>
> 
> void *handle;
> 
> static void *thread_abc()
> {
>         handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
>         void *func = dlsym (handle, "lib2_func");
>         printf ("<thread_abc> Handle:%p, func:%p \n", handle, func);
>         dlclose (handle);
>         return NULL;
> }
> 
> static void *thread_xyz()
> {
>         handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
>         void *func = dlsym (handle, "lib2_func");
>         printf ("<thread_xyz> Handle:%p, func:%p \n", handle, func);
>         dlclose (handle);
>         return NULL;
> }
> 
> int main()
> {
>         pthread_t abc_arr[1000], xyz_arr[1000];
>         int i=0;
>         handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
>         void *func = dlsym (handle, "lib2_func");
>         printf ("<main> Handle:%p, func:%p \n", handle, func);
>         for (i=0;i<10;i++)
>         {
>                 pthread_create(&abc_arr[i], NULL, thread_abc, NULL);
>                 pthread_create(&xyz_arr[i], NULL, thread_xyz, NULL);
>         }
> 
>         printf ("<main> Handle:%p, func:%p \n", handle, func);
>         dlclose (handle);
> 
>         for (i=0;i<1000;i++)
>         {
>                 pthread_create(&abc_arr[i], NULL, thread_abc, NULL);
>                 pthread_create(&xyz_arr[i], NULL, thread_xyz, NULL);
>         }
>         for (i=0;i<10;i++)
>         {
>                 pthread_join(abc_arr[i], NULL);
>                 pthread_join(xyz_arr[i], NULL);
>         }
>         printf ("Returning from main\n");
>         return 0;
> }
> ************************** Compilation steps *********************
> gcc -g -fPIC -shared -o lib2.so lib2.c &&
> gcc -g -fPIC -shared -o lib1.so lib1.c ./lib2.so &&
> gcc -g main.c ./lib1.so ./lib2.so -ldl -lpthread
> *******************************************************************
> 
> With the above test case this issue is 100% reproducible.

Hi yogesh,
With the application in your comment, the issue reported in this bug does not
repro in stock eglibc-2.15 from svn:
svn co svn://svn.eglibc.org/branches/eglibc-2_15 eglibc-2.15
