public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/26342] New: popen is not really thread-safe
@ 2020-08-07 3:01 1522495332 at qq dot com
2020-08-07 7:16 ` [Bug libc/26342] " fweimer at redhat dot com
0 siblings, 1 reply; 2+ messages in thread
From: 1522495332 at qq dot com @ 2020-08-07 3:01 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26342
Bug ID: 26342
Summary: popen is not really thread-safe
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: 1522495332 at qq dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
function:
_IO_new_proc_open()
code:
((_IO_proc_file *) fp)->next = proc_file_chain;
proc_file_chain = (_IO_proc_file *) fp;
these two lines of C code are thread safe, but not necessarily thread safe
after compilation.
the assembly code for glibc-2.17-260.el7.x86_64.rpm is as follows:
0x7fc92ad90267 <+343>: mov 0x358722(%rip),%rax # 0x7fc92b0e8990
<proc_file_chain>
0x7fc92ad9026e <+350>: mov %r12,0x35871b(%rip) # 0x7fc92b0e8990
<proc_file_chain>
0x7fc92ad90275 <+357>: mov %rax,0xe8(%r12) ; r12 = fp
if thread A runs to <+357>, proc_file_chain = r12 = fp, but fp->next has no
assignment and is a random value, thread B runs to fork() in popen,
proc_file_chain->next of child process is also a random value. "for (struct
_IO_proc_file *p = proc_file_chain; p; p = p->next)" maybe coredump.
the assembly code for glibc-2.5-118.el5_10.3.rpm is as follows:
0x3db7661da9 <+329>: mov 0x2f2b80(%rip),%rax # 0x3db7954930
<proc_file_chain>
0x3db7661db0 <+336>: addl $0x1,0x2f2b6d(%rip) # 0x3db7954924
<proc_file_chain_lock+4>
0x3db7661db7 <+343>: mov %rax,0xe8(%rbx) ; r12 = fp
0x3db7661dbe <+350>: mov 0x2f2b60(%rip),%eax # 0x3db7954924
<proc_file_chain_lock+4>
0x3db7661dc4 <+356>: mov %rbx,0x2f2b65(%rip) # 0x3db7954930
<proc_file_chain>
there's no problem with that.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug libc/26342] popen is not really thread-safe
2020-08-07 3:01 [Bug libc/26342] New: popen is not really thread-safe 1522495332 at qq dot com
@ 2020-08-07 7:16 ` fweimer at redhat dot com
0 siblings, 0 replies; 2+ messages in thread
From: fweimer at redhat dot com @ 2020-08-07 7:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=26342
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |fweimer at redhat dot com
Resolution|--- |DUPLICATE
Flags| |security-
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
I believe this is a duplicate of bug 22834.
(If you want to raise the possibility of a downstream fix, you need to open a
support case with the appropriate distribution/vendor.)
*** This bug has been marked as a duplicate of bug 22834 ***
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-08-07 7:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-07 3:01 [Bug libc/26342] New: popen is not really thread-safe 1522495332 at qq dot com
2020-08-07 7:16 ` [Bug libc/26342] " fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).