From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-149002-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 28660 invoked by alias); 5 Jul 2005 13:54:49 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Received: (qmail 28614 invoked by uid 48); 5 Jul 2005 13:54:38 -0000
Date: Tue, 05 Jul 2005 13:54:00 -0000
From: "jakub at redhat dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Message-ID: <20050705135434.22309.jakub@redhat.com>
Reply-To: gcc-bugzilla@gcc.gnu.org
Subject: [Bug libstdc++/22309] New: mt allocator doesn't pthread_key_delete it's keys
X-Bugzilla-Reason: CC
X-SW-Source: 2005-07/txt/msg00425.txt.bz2
List-Id: <gcc-bugs.sourceware.org>

With libstdc++ configured with --enable-libstdcxx-allocator=mt (on 4.0 branch
or on HEAD for linux even without it, as mt is the default there), following
testcase crashes:

cat > O.c <<EOF
#include <dlfcn.h>
#include <pthread.h>

void *
tf (void *arg)
{
  void *h = dlopen ("./libO.so", RTLD_LAZY);
  void (*fn) (void);
  if (!h) return 0;
  fn = dlsym (h, "foo");
  fn ();
  dlclose (h);
  return 0;
}

int
main (void)
{
  pthread_t th;
  pthread_create (&th, NULL, tf, NULL);
  pthread_join (th, NULL);
  return 0;
}
EOF
cat > libO.C <<EOF
#include <string>

extern "C" void
foo (void)
{
  std::string s;
  s += "hello";
}
EOF
g++ -g -O2 -shared -fpic -o libO.so libO.C
gcc -g -O2 -o O O.c -ldl -lpthread

The problem is that __gnu_cxx::__pool<true>::_M_initialize () calls
pthread_key_create but doesn't ensure pthread_key_delete is called when
libstdc++.so is unloaded.  So when glibc attempts destroys a thread or program
and calls the registered key cleanup routine (_S_destroy_thread_key), if
libstdc++.so is not mapped at that moment any longer, either whatever other
code happens to be mapped at that address is run, or the program crashes
immediately.

mt_allocator.cc should ensure that gthread_key_delete is called on the key
after all users of the key have been destroyed.

-- 
           Summary: mt allocator doesn't pthread_key_delete it's keys
           Product: gcc
           Version: 4.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: jakub at redhat dot com
                CC: gcc-bugs at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22309