From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Martin.vGagern at gmx dot net"
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/12453] New: Broken thread local storage (TLS) initialization
Date: Sun, 30 Jan 2011 15:16:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=12453

           Summary: Broken thread local storage (TLS) initialization
           Product: glibc
           Version: 2.12
            Status: NEW
          Severity: critical
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: Martin.vGagern@gmx.net

Created attachment 5218
  --> http://sourceware.org/bugzilla/attachment.cgi?id=5218
Script reproducing the issue

When dynamically loading a library along with several dependencies, calls to
_dl_add_to_slotinfo and _dl_update_slotinfo can become intermixed.
As a consequence, _dl_update_slotinfo will update the generation counter of
the dtv although not all of the slots belonging to that generation have been
added. Subsequent calls to _dl_add_to_slotinfo will add more slots to the same
generation, for which no storage will be allocated, as the dtv generation
checks will claim no work is necessary.

This will lead to uninitialized dtv entries and will likely cause a SIGSEGV
when thread local variables are accessed.

The attached script, when executed in an empty directory on a GNU/Linux x86_64
system, and probably under other circumstances as well, will demonstrate the
problem. It will print

    ./demo
    &tbaz=(nil)
    glibc-tls-bug.sh: line 75: 1752 Segmentation fault "$@"

where you see that the address of the thread local variable tbaz is NULL, and
that referencing that variable causes a segmentation fault.
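
The ordering problem described in the report above, as a simplified model added here (not glibc's code and not the attached script). add_to_slotinfo and update_slotinfo are stand-ins for _dl_add_to_slotinfo and _dl_update_slotinfo; the struct layouts, slot indices and generation value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SLOTS 8

/* Simplified model, not glibc code: one global slot list, one per-thread dtv. */
struct slot { int used; size_t gen; };
struct dtv  { size_t gen; int allocated[MAX_SLOTS]; };
static struct slot slotinfo[MAX_SLOTS];

/* Stand-in for _dl_add_to_slotinfo: register a TLS slot under generation gen. */
static void add_to_slotinfo(size_t idx, size_t gen) {
    slotinfo[idx].used = 1;
    slotinfo[idx].gen = gen;
}

/* Stand-in for _dl_update_slotinfo; the early return is the generation check. */
static void update_slotinfo(struct dtv *d, size_t gen) {
    if (d->gen >= gen) return;            /* "no work is necessary" */
    for (size_t i = 0; i < MAX_SLOTS; i++)
        if (slotinfo[i].used && slotinfo[i].gen <= gen)
            d->allocated[i] = 1;          /* storage set up for this slot */
    d->gen = gen;                         /* dtv now claims to be current */
}

/* Invariant check: registered slots for which this dtv has no storage. */
static int missing_slots(const struct dtv *d) {
    int n = 0;
    for (size_t i = 0; i < MAX_SLOTS; i++)
        if (slotinfo[i].used && !d->allocated[i]) n++;
    return n;
}

/* Load two modules of one generation. With interleaved != 0 the update runs
   between the two adds, which is the intermixing the report describes. */
static int load_two_modules(int interleaved) {
    struct dtv d;
    memset(&d, 0, sizeof d);
    memset(slotinfo, 0, sizeof slotinfo);
    const size_t gen = 1;                 /* constructed value for the model */
    add_to_slotinfo(1, gen);
    if (interleaved) update_slotinfo(&d, gen);
    add_to_slotinfo(2, gen);              /* same generation, added late */
    update_slotinfo(&d, gen);             /* skipped when dtv gen is already 1 */
    return missing_slots(&d);
}

int main(void) {
    printf("intermixed: %d missing, batched: %d missing\n",
           load_two_modules(1), load_two_modules(0));
    return 0;
}
```

In the intermixed run the second slot stays without storage, which corresponds to the NULL address printed for tbaz in the report.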