[Bug libstdc++/23591] New: exceptions in plugins in threads cause segmentation violation by leaving bad exit handler for the pthread

[Bug libstdc++/23591] New: exceptions in plugins in threads cause segmentation violation by leaving bad exit handler for the pthread

[gcc-bugzilla at gcc dot gnu dot org]

libstdc++ registers some handlers with pthreads in conjunction
with throw statements.  Those handlers are not properly removed
when libstdc++ is unloaded, causing pthread_join to jump to a
bad address.

gcc -ldl -lpthread main.c -o main
g++ -shared -lstdc++ -lc -lm plug.cc \
-o plug.so
./main
In plug.
Leaving plug.
make: *** [all] Killed

gdb:

grothoff@elma:~/svn/bug905$ gdb main
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-linux"...Using host libthread_db library "/usr/lib/debug/libthread_db.so.1".

(gdb) run
Starting program: /home/grothoff/svn/bug905/main
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 2816)]
[New Thread 32769 (LWP 2819)]
[New Thread 16386 (LWP 2821)]
In plug.
Leaving plug.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16386 (LWP 2821)]
0x557982a0 in ?? ()
(gdb) ba
#0  0x557982a0 in ?? ()
#1  0x55579f08 in __pthread_destroy_specifics () at specific.c:192
#2  0x555764d5 in __pthread_do_exit (retval=0x804cf18, currentframe=0x804cf18 "") at join.c:43
#3  0x55576e5d in pthread_start_thread (arg=0xff7ffbe0) at manager.c:312
#4  0x55576ecf in pthread_start_thread_event (arg=0xff7ffbe0) at manager.c:333
#5  0x5569992a in clone () from /usr/lib/debug/libc.so.6

Additional information about the original context is tracked in GNUnet's Mantis
bug database at https://gnunet.org/mantis/view.php?id=905

Environment:
System: Linux elma 2.6.8-11-amd64-k8 #1 Mon May 30 22:15:15 UTC 2005 x86_64 GNU/Linux
Architecture: x86_64 (also reproduced on i686)

	
host: i486-pc-linux-gnu
build: i486-pc-linux-gnu
target: i486-pc-linux-gnu
configured with: ../src/configure -v --enable-languages=c,c++,java,f77,pascal,objc,ada,treelang --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-gxx-include-dir=/usr/include/c++/3.3 --enable-shared --enable-__cxa_atexit --with-system-zlib --enable-nls --without-included-gettext --enable-clocale=gnu --enable-debug --enable-java-gc=boehm --enable-java-awt=xlib --enable-objc-gc i486-linux

How-To-Repeat:

Essentially, use C code that is NOT linked against libstdc++ to
create a pthread.  In that thread dlopen a C++ library, dlsym a 
function that throws and catches an exception, close the library.
In the main C code join on the pthread.  The join will segfault
after the C++ code is complete and the library is unloaded.

https://gnunet.org/svn/bug905/ has 60 lines of C and C++ code 
(plus a trivial Makefile) to reproduce.

What seems to happen is this.  libstdc++ registers some on-exit
handler with the pthread which refers to code in libstdc++. 
The library _fails_ to unregister that handler when libstdc++
itself is unloaded.  The library is unloaded, the handler is
still there, and on pthread_join the handler is called and
points to a (now invalid) address in memory => seg fault.

The bug was found in real-life in GNUnet (100% C, multithreaded) 
loading a C plugin which uses libextractor (reentrant) which 
loads a C++ plugin which uses exceptions.
------- Additional Comments From grothoff at gnunet dot org  2005-08-27 04:42 -------
Fix:

Workarounds:
LD_PRELOAD libstdc++ (then the symbol stays in memory)
do not use pthreads (no exit handler)
do not use plugins (no unloading issue)
do not use exceptions (no handler registered)
link the C code against libstdc++ (handler stays in memory on unload of plugin)
do not use libstdc++ (yeah, right)

None of these is acceptable for me since C code that may load
a plugin that may load a plugin that may use C++ that may use
exceptions should not require C++ to be even _installed_, not
to mention link against it.

The solution is to properly track installed handlers and 
unregister those in the destructor of the library (ELF has
wonderful provisions for that).

-- 
           Summary: exceptions in plugins in threads cause segmentation
                    violation by leaving bad exit handler for the pthread
           Product: gcc
           Version: 3.3.5
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: grothoff at gnunet dot org
                CC: gcc-bugs at gcc dot gnu dot org
 GCC build triplet: i486-pc-linux-gnu
  GCC host triplet: i486-pc-linux-gnu
GCC target triplet: i486-pc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23591

[Bug libstdc++/23591] exceptions in plugins in threads cause segmentation violation by leaving bad exit handler for the pthread

[bkoz at gcc dot gnu dot org]

------- Additional Comments From bkoz at gcc dot gnu dot org  2005-09-12 19:05 -------

I believe this is yet another manifestation of 22309.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |22309
         AssignedTo|unassigned at gcc dot gnu   |bkoz at gcc dot gnu dot org
                   |dot org                     |
             Status|UNCONFIRMED                 |ASSIGNED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23591