Bug in __register_exitproc() in __atexit.c

Corinna Vinschen vinschen@redhat.com
Mon Dec 14 13:43:00 GMT 2015


On Dec 12 15:25, Freddie Chopin wrote:
> On Wednesday 09 of December 2015 10:27:31 Corinna Vinschen wrote:
> > On Dec  8 16:40, Freddie Chopin wrote:
> > > Hello!
> > > 
> > > Today I noticed that even when I disable dynamic allocation of memory in
> > > atexit (with --disable-newlib-atexit-dynamic-alloc switch) malloc() is
> > > used in __register_exitproc().
> > > 
> > > First of all, if this switch is used, then _ATEXIT_DYNAMIC_ALLOC is not
> > > defined, so the first use of malloc() in this function - at line 93 - is
> > > indeed disabled. But if small reent is used, malloc() is used again at
> > > line
> > > 120 - this time it's not conditional on _ATEXIT_DYNAMIC_ALLOC being
> > > defined.
> > > 
> > > Moreover, at first glance it seems that there's a bug in this function.
> > > The
> > > __atexit_lock lock is acquired at entry, but there are at two places where
> > > it is not released before return - at line 86 and at line 91.
> > > 
> > > Should I try to provide a patch for both issues?
> > 
> > That would be nice :)
> 
> OK, I've just sent the patches.
> 
> I've checked that newlib still compiles with all 8 combinations of related 
> options (reent small, global atexit, dynamic atexit). The fix I implemented 
> also solves the issue I had - __register_exitproc() no longer uses malloc() if 
> --disable-newlib-atexit-dynamic-alloc was used.
> 
> The first patch - the one for missing lock releases - is trivial and there's 
> not much to debate.
> 
> The second one - with the fix for dynamic atexit allocation - is more 
> problematic... It turns out that when both --disable-newlib-atexit-dynamic-
> alloc and --enable-newlib-reent-small are used, then __register_exitproc() 
> called by on_exit() or __cxa_atexit() will never succeed. Both of these 
> variants pass an argument to the registered function and this argument is 
> placed in a struct that is _NOT_ part of _atexit struct.
> 
> This can actually be solved easily - you'd just need to allocate a static 
> instance of _on_exit_args struct and use it for the first 32 registered 
> functions. The only problem is that the size of this struct is - for 32-bit 
> ARM - 264 bytes, so not exactly "small". So I was wondering what approach 
> would you suggest? Leave it as it is (with the fix) or maybe add static 
> instance of this struct when dynamic allocation is disabled for atexit-like 
> functions?
> 
> Maybe it would be possible to have the instance of this struct as a weak 
> reference and pull it in only if on_exit() or __cxa_atexit() are used?
> 
> Regards,
> FCh

I'd like to defer this to Jeff.  I'm not sure what's the right or best
way to fix this.

Jeff?


Thanks,
Corinna

-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://sourceware.org/pipermail/newlib/attachments/20151214/dc13cd53/attachment.sig>


More information about the Newlib mailing list