public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/10018] New: malloc thread-safety issues
@ 2009-03-31 7:29 clement dot stenac at exalead dot com
2009-03-31 7:30 ` [Bug libc/10018] " clement dot stenac at exalead dot com
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: clement dot stenac at exalead dot com @ 2009-03-31 7:29 UTC (permalink / raw)
To: glibc-bugs
The attached program (corruption.c) exposes a memory corruption issue with
malloc running on multithread.
The corruption has been reproduced on several computers running various Linux
distributions, and with glibc ranging from 2.5 to 2.9. It has not been
reproduced on glibc 2.3
The corruption has been reproduced on 2,4 and 8 cores machines. It has not been
reproduced on monocore machines. It has only been reproduced on x86_64, not on x86
The attached program basically does:
* malloc a buffer of size X
* fill it with a memory pattern
* realloc it to size 2X
* check that the pattern is still ok on [0:X[
On the attached program, depending on X, the last Y bytes are corrupted, with Y
ranging from 0 to 8. Several runs of a few seconds might be required to expose
the bug.
Here is the complete matrix of reproduction cases.
Distro Cpu Cores Libc GCC Kernel Vulnerable
Debian Etch x86-64 8 2.3 4.1.2 2.6.27 No
Debian Lenny ?? 2 2.7 4.3.2 ? No
RH5 x86-64 4 2.5 4.1.2 2.6.18 Yes
Gentoo x86-64 4 2.8 4.1.2 2.6.27 Yes
CentOS 5.2 x86-64 4 2.5 4.1.2 2.6.18 Yes
Debian Sid x86 1 2.9 4.3.3 2.6.26 No
RH4 x86-64 2 2.3 3.4 2.6.9 No
Gentoo x86-64 4 2.6.1 4.1.2 2.6.25 Yes
Gentoo x86-64 2 2.5 4.1.1 2.6.20 Yes
Gentoo x86-64 8 2.6.1 4.1.1 2.6.28 Yes
Debian Sid x86 2 2.9 4.3.3 2.6.26 No
Debian Testing x86-64 2 2.7 4.1.2 2.6.26 Yes
This might be related to BUG 6952
(if it's related, then it probably produces an easier reproduction case)
--
Summary: malloc thread-safety issues
Product: glibc
Version: 2.8
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: clement dot stenac at exalead dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=10018
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/10018] malloc thread-safety issues
2009-03-31 7:29 [Bug libc/10018] New: malloc thread-safety issues clement dot stenac at exalead dot com
@ 2009-03-31 7:30 ` clement dot stenac at exalead dot com
2009-04-04 14:39 ` Florian dot Douetteau at exalead dot com
2009-11-01 16:48 ` drepper at redhat dot com
2 siblings, 0 replies; 5+ messages in thread
From: clement dot stenac at exalead dot com @ 2009-03-31 7:30 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From clement dot stenac at exalead dot com 2009-03-31 07:30 -------
Created an attachment (id=3858)
--> (http://sourceware.org/bugzilla/attachment.cgi?id=3858&action=view)
Minimal test case exposing the problem
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10018
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/10018] malloc thread-safety issues
2009-03-31 7:29 [Bug libc/10018] New: malloc thread-safety issues clement dot stenac at exalead dot com
2009-03-31 7:30 ` [Bug libc/10018] " clement dot stenac at exalead dot com
@ 2009-04-04 14:39 ` Florian dot Douetteau at exalead dot com
2009-11-01 16:48 ` drepper at redhat dot com
2 siblings, 0 replies; 5+ messages in thread
From: Florian dot Douetteau at exalead dot com @ 2009-04-04 14:39 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From Florian dot Douetteau at exalead dot com 2009-04-04 14:39 -------
The corruption has also been reproduced on this system :
Distro Cpu Cores Libc GCC Kernel Vulnerable
Gentoo x86-64 8 2.8 4.3.2 2.6.27 Yes
When compiling glibc 2.9 out of the box on this system,
from
ftp://sources.redhat.com/pub/glibc/releases/glibc-libidn-2.9.tar.gz
and LD_PRELOADing it the corruption disappears.
When reverse applying this patch, on 2.9 sources
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/malloc/malloc.c.diff?r1=1.189&r2=1.190&cvsroot=glibc
(comment: (public_rEALLOc): When new arena is used, copy really all bytes)
and recompiling, the corruption reappers.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=10018
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/10018] malloc thread-safety issues
2009-03-31 7:29 [Bug libc/10018] New: malloc thread-safety issues clement dot stenac at exalead dot com
2009-03-31 7:30 ` [Bug libc/10018] " clement dot stenac at exalead dot com
2009-04-04 14:39 ` Florian dot Douetteau at exalead dot com
@ 2009-11-01 16:48 ` drepper at redhat dot com
2 siblings, 0 replies; 5+ messages in thread
From: drepper at redhat dot com @ 2009-11-01 16:48 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2009-11-01 16:48 -------
(In reply to comment #2)
> When reverse applying this patch, on 2.9 sources
> and recompiling, the corruption reappers.
Which means the bug is fixed. Why didn't you close it then?
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=10018
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/10018] malloc thread-safety issues
[not found] <bug-10018-131@http.sourceware.org/bugzilla/>
@ 2014-07-01 7:27 ` fweimer at redhat dot com
0 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-07-01 7:27 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=10018
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-07-01 7:27 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-03-31 7:29 [Bug libc/10018] New: malloc thread-safety issues clement dot stenac at exalead dot com
2009-03-31 7:30 ` [Bug libc/10018] " clement dot stenac at exalead dot com
2009-04-04 14:39 ` Florian dot Douetteau at exalead dot com
2009-11-01 16:48 ` drepper at redhat dot com
[not found] <bug-10018-131@http.sourceware.org/bugzilla/>
2014-07-01 7:27 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).