From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16516 invoked by alias); 23 Jan 2009 15:19:35 -0000 Received: (qmail 16437 invoked by uid 48); 23 Jan 2009 15:19:18 -0000 Date: Fri, 23 Jan 2009 15:19:00 -0000 Message-ID: <20090123151918.16436.qmail@sourceware.org> From: "bbuesker at qualcomm dot com" To: glibc-bugs@sources.redhat.com In-Reply-To: <20081211084103.7094.pavel.smolenskiy@gmail.com> References: <20081211084103.7094.pavel.smolenskiy@gmail.com> Reply-To: sourceware-bugzilla@sourceware.org Subject: [Bug nptl/7094] Bug in creating/deleting posix per process timers with SIGEV_THREAD notification method X-Bugzilla-Reason: CC Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org X-SW-Source: 2009-01/txt/msg00115.txt.bz2 ------- Additional Comments From bbuesker at qualcomm dot com 2009-01-23 15:19 ------- I concur with the patch. An easy way to verify the fix is by running the app under valgrind. Here is the output before the patch: ==4907== Memcheck, a memory error detector. ==4907== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==4907== Using LibVEX rev 1878, a library for dynamic binary translation. ==4907== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==4907== Using valgrind-3.4.0, a dynamic binary instrumentation framework. ==4907== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==4907== For more details, rerun with: -v ==4907== add timer: 0x402c0e0, exp(s,u) = (10, 0) add timer: 0x402c148, exp(s,u) = (10, 0) ==4907== Conditional jump or move depends on uninitialised value(s) ==4907== at 0x94CC94: timer_delete (in /lib/librt-2.9.so) ==4907== by 0x804891C: main (in /var/tmp/a.out) ==4907== ==4907== Thread 2: ==4907== Invalid read of size 4 ==4907== at 0x94DE20: timer_helper_thread (in /lib/librt-2.9.so) ==4907== by 0x81951E: start_thread (in /lib/libpthread-2.9.so) ==4907== by 0x74F04D: clone (in /lib/libc-2.9.so) ==4907== Address 0x402c17c is 52 bytes inside a block of size 56 free'd ==4907== at 0x4005B6A: free (in /opt/share/buildtools-f10-i386/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==4907== by 0x94CC9D: timer_delete (in /lib/librt-2.9.so) ==4907== by 0x804891C: main (in /var/tmp/a.out) timer_expire_func(): called: 0x8049c3c ^C==4907== ==4907== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 15 from 1) ==4907== malloc/free: in use at exit: 328 bytes in 3 blocks. ==4907== malloc/free: 6 allocs, 3 frees, 528 bytes allocated. ==4907== For counts of detected errors, rerun with: -v ==4907== Use --track-origins=yes to see where uninitialised values come from ==4907== searching for pointers to 3 not-freed blocks. ==4907== checked 10,568,324 bytes. ==4907== ==4907== LEAK SUMMARY: ==4907== definitely lost: 0 bytes in 0 blocks. ==4907== possibly lost: 272 bytes in 2 blocks. ==4907== still reachable: 56 bytes in 1 blocks. ==4907== suppressed: 0 bytes in 0 blocks. ==4907== Rerun with --leak-check=full to see details of leaked memory. And here is the output after the patch: ==25782== Memcheck, a memory error detector. ==25782== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al. ==25782== Using LibVEX rev 1878, a library for dynamic binary translation. ==25782== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP. ==25782== Using valgrind-3.4.0, a dynamic binary instrumentation framework. ==25782== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al. ==25782== For more details, rerun with: -v ==25782== add timer: 0x41e50e0, exp(s,u) = (10, 0) add timer: 0x41e5148, exp(s,u) = (10, 0) timer_expire_func(): called: 0x8049c3c ^C==25782== ==25782== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 18 from 1) ==25782== malloc/free: in use at exit: 328 bytes in 3 blocks. ==25782== malloc/free: 6 allocs, 3 frees, 528 bytes allocated. ==25782== For counts of detected errors, rerun with: -v ==25782== searching for pointers to 3 not-freed blocks. ==25782== checked 10,567,240 bytes. ==25782== ==25782== LEAK SUMMARY: ==25782== definitely lost: 0 bytes in 0 blocks. ==25782== possibly lost: 272 bytes in 2 blocks. ==25782== still reachable: 56 bytes in 1 blocks. ==25782== suppressed: 0 bytes in 0 blocks. ==25782== Rerun with --leak-check=full to see details of leaked memory. -- http://sourceware.org/bugzilla/show_bug.cgi?id=7094 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.