From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 10258 invoked by alias); 12 Feb 2013 01:36:27 -0000
Received: (qmail 7461 invoked by uid 48); 12 Feb 2013 01:36:11 -0000
From: "gauryogesh.nsit at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/13579] do_lookup_x may access dangling memory
Date: Tue, 12 Feb 2013 01:36:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: dynamic-link
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: gauryogesh.nsit at gmail dot com
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: carlos_odonell at mentor dot com
X-Bugzilla-Target-Milestone: 2.16
X-Bugzilla-Changed-Fields: CC
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
X-SW-Source: 2013-02/txt/msg00064.txt.bz2

http://sourceware.org/bugzilla/show_bug.cgi?id=13579

Yogesh Gaur changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gauryogesh.nsit at gmail
                   |                            |dot com

--- Comment #17 from Yogesh Gaur 2013-02-12 01:36:08 UTC ---
I know this issue is closed, but for anyone who needs to see the exact test
case with which this bug can be reproduced using simple C test code, please
find a simple C test case below:

***************************** Source Code ***********************************
yogesh$ cat lib1.c
#include <stdio.h>

int lib2_func();        /* defined in lib2.so */

int lib1_func()
{
    return lib2_func();
}
----------------------------------------------
yogesh$ cat lib2.c
#include <stdio.h>

int lib2_func()
{
    return 10;
}
----------------------------------------------
yogesh$ cat main.c
#include <stdio.h>
#include <dlfcn.h>
#include <pthread.h>

void *handle;   /* shared by all threads without locking */

/* Both thread bodies run dlopen/dlsym/dlclose on the same library. */
static void *thread_abc(void *arg)
{
    handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
    void *func = dlsym (handle, "lib2_func");
    printf (" Handle:%p, func:%p \n", handle, func);
    dlclose (handle);
    return NULL;
}

static void *thread_xyz(void *arg)
{
    handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
    void *func = dlsym (handle, "lib2_func");
    printf (" Handle:%p, func:%p \n", handle, func);
    dlclose (handle);
    return NULL;
}

int main()
{
    pthread_t abc_arr[1000], xyz_arr[1000];
    int i=0;

    handle = dlopen ("./lib1.so", RTLD_LAZY | RTLD_GLOBAL);
    void *func = dlsym (handle, "lib2_func");
    printf (" Handle:%p, func:%p \n", handle, func);

    for (i=0;i<10;i++)
    {
        pthread_create(&abc_arr[i], NULL, thread_abc, NULL);
        pthread_create(&xyz_arr[i], NULL, thread_xyz, NULL);
    }

    printf (" Handle:%p, func:%p \n", handle, func);
    dlclose (handle);

    for (i=0;i<1000;i++)
    {
        pthread_create(&abc_arr[i], NULL, thread_abc, NULL);
        pthread_create(&xyz_arr[i], NULL, thread_xyz, NULL);
    }

    for (i=0;i<10;i++)
    {
        pthread_join(abc_arr[i], NULL);
        pthread_join(xyz_arr[i], NULL);
    }

    printf ("Returning from main\n");
    return 0;
}
************************** Compilation steps *********************
gcc -g -fPIC -shared -o lib2.so lib2.c &&
gcc -g -fPIC -shared -o lib1.so lib1.c ./lib2.so &&
gcc -g main.c ./lib1.so ./lib2.so -ldl -lpthread
*******************************************************************

With the above test case this issue is 100% reproducible.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
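
To check whether a given glibc build still shows the crash, the test case can be run repeatedly and the signal-terminated runs counted. This is an added example, not part of the original comment; the function name count_signal_deaths and the ./a.out path (gcc's default output name for the compilation steps above) are assumptions.

```shell
#!/bin/sh
# Added example: repeat a command and count the runs that died on a signal.
# Assumption: the test case was built with the compilation steps above, so
# the binary is ./a.out and lib1.so / lib2.so sit in the current directory.
# Assumption: the test program exits with 0 on a normal run, so any exit
# status above 128 is the shell's encoding of "killed by signal (status-128)".

# count_signal_deaths RUNS CMD [ARGS...]
# Prints "<crashes>/<runs> last_signal=<n>", where <n> is the signal number
# of the most recent crash, or 0 if no run crashed.
count_signal_deaths() {
    runs=$1
    shift
    crashes=0
    last_signal=0
    i=0
    while [ "$i" -lt "$runs" ]; do
        rc=0
        # "|| rc=$?" keeps the loop alive under "set -e" when the run fails.
        "$@" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -gt 128 ]; then
            crashes=$((crashes + 1))
            last_signal=$((rc - 128))
        fi
        i=$((i + 1))
    done
    echo "$crashes/$runs last_signal=$last_signal"
}

# Typical use from the build directory (11 is SIGSEGV on Linux):
#   count_signal_deaths 50 ./a.out
```

A result of 0/50 on a patched glibc and a non-zero crash count on an older one is the comparison to record when validating an upgrade.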