From owner-freebsd-hackers@FreeBSD.ORG Mon Dec 31 20:05:02 2007
Message-ID: <477943B3.5080605@freebsd.org>
Date: Mon, 31 Dec 2007 11:32:03 -0800
From: Jason Evans
To: Markus Hoenicka
Cc: freebsd-hackers@freebsd.org
References: <18297.6718.750894.937199@yeti.mininet>
In-Reply-To: <18297.6718.750894.937199@yeti.mininet>
Subject: Re: dlopen(), atexit() crash on FreeBSD (testcase included)
List-Id: Technical Discussions relating to FreeBSD

Markus Hoenicka wrote:
> I've been redirected by Giorgos Keramidas to this list after reporting
> a problem on the freebsd-questions list. I'd greatly appreciate if you
> could have a look at the following problem. Apparently programs are
> doomed to segfault on FreeBSD if dlopen()ed modules install exit
> handlers via atexit(). Similar problem reports have cropped up before,

It seems to me that you should *expect* a crash under the circumstances
you describe.
You are dlopen()ing a module, saving a pointer to a function within that
module, unloading the module, then trying to call a function that is no
longer mapped. The only way this could possibly work is if dlclose()
doesn't really unmap the module.

It is up to the programmer to avoid dangling pointers to unmapped modules.
There are all sorts of variations on this bug, such as storing a pointer
to a const string. You have to be really careful to be able to safely
dlclose() a module.

Jason
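The failure Jason describes, and the design that avoids it, as an added example that is not part of the original thread and not FreeBSD's libc or rtld code. The block models an exit-handler table two ways: a plain atexit()-style table that keeps only a function pointer, so the pointer dangles once the module is unmapped, and an owner-scoped table in the spirit of __cxa_atexit()/__cxa_finalize(), where each registration records the module that made it and unloading the module runs and retires its handlers before the mapping goes away. The module itself is simulated with a struct whose `mapped` flag stands in for the module's text pages; the names `dso_atexit`, `dso_finalize`, `module_load`, `module_unload` and the fault counter are this example's own and exist nowhere else:

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Model of module-scoped exit handlers (example code, not libc's).
 * A plain atexit() table keeps only a function pointer, so after dlclose()
 * unmaps the module the pointer dangles and exit() jumps into unmapped
 * memory. Recording the owning module with each handler lets the unloader
 * run and retire that module's handlers before the mapping disappears.
 */

#define MAX_HANDLERS 32

struct exit_handler {
    void (*fn)(void *);
    void *arg;
    const void *owner;   /* module that registered it; NULL = main program */
    int active;
};

static struct exit_handler handlers[MAX_HANDLERS];
static int nhandlers;

/* Register fn(arg) to run at exit, tagged with the owning module. */
int dso_atexit(void (*fn)(void *), void *arg, const void *owner)
{
    if (nhandlers >= MAX_HANDLERS)
        return -1;
    handlers[nhandlers].fn = fn;
    handlers[nhandlers].arg = arg;
    handlers[nhandlers].owner = owner;
    handlers[nhandlers].active = 1;
    nhandlers++;
    return 0;
}

/* Run, in LIFO order, every active handler owned by `owner` and retire it.
 * owner == NULL means "everything still registered", which is what exit()
 * does. Returns the number of handlers run. */
int dso_finalize(const void *owner)
{
    int ran = 0;
    for (int i = nhandlers - 1; i >= 0; i--) {
        if (!handlers[i].active)
            continue;
        if (owner != NULL && handlers[i].owner != owner)
            continue;
        handlers[i].active = 0;          /* retire before calling: no re-entry */
        handlers[i].fn(handlers[i].arg);
        ran++;
    }
    return ran;
}

/* Simulated dlopen()ed module. `mapped` stands in for the module's text
 * pages; a handler that runs with mapped == 0 is the crash from the report,
 * counted here as a fault instead of raising SIGSEGV. */
struct module {
    int mapped;
    int cleanups;
    int faults;
};

static void module_cleanup(void *arg)
{
    struct module *m = arg;
    if (!m->mapped) {
        m->faults++;                     /* real code: jump into unmapped memory */
        return;
    }
    m->cleanups++;
}

/* Load: the module registers its cleanup at load time, as the testcase's
 * module does. scoped == 0 models plain atexit(), which records no owner. */
static void module_load(struct module *m, int scoped)
{
    m->mapped = 1;
    m->cleanups = 0;
    m->faults = 0;
    dso_atexit(module_cleanup, m, scoped ? (const void *)m : NULL);
}

/* Unload: an owner-aware runtime finalizes the module's handlers first. */
static void module_unload(struct module *m, int scoped)
{
    if (scoped)
        dso_finalize(m);
    m->mapped = 0;                       /* dlclose(): mapping is gone */
}

static struct module run_scenario(int scoped)
{
    struct module m;
    nhandlers = 0;
    module_load(&m, scoped);
    module_unload(&m, scoped);
    dso_finalize(NULL);                  /* exit(): run whatever is left */
    return m;
}

/* Handlers that fired after the module was unmapped (the crash). */
int faults_after_exit(int scoped) { return run_scenario(scoped).faults; }

/* Cleanups that ran while the module was still mapped. */
int cleanups_run(int scoped) { return run_scenario(scoped).cleanups; }

int main(void)
{
    printf("plain atexit(): %d fault(s), %d clean cleanup(s)\n",
           faults_after_exit(0), cleanups_run(0));
    printf("owner-scoped:   %d fault(s), %d clean cleanup(s)\n",
           faults_after_exit(1), cleanups_run(1));
    return 0;
}
```

The practical reading of the model: on toolchains and libcs that support it, the "owner" is the module's `__dso_handle`, passed through `__cxa_atexit()`, and the runtime linker's dlclose() path calls `__cxa_finalize()` with it so the module's handlers run before unmapping; whether a plain atexit() call made from inside a shared object gets that treatment is platform-dependent, which is an assumption a module author has to check rather than rely on. Where it is not guaranteed, the host should either dlopen() such a module with RTLD_NODELETE (where supported) so dlclose() never unmaps it, or simply never dlclose() a module that has registered an exit handler.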