From owner-freebsd-bugs Wed Feb 14 13:10:14 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 061B937B401 for ; Wed, 14 Feb 2001 13:10:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f1ELA2d66506; Wed, 14 Feb 2001 13:10:02 -0800 (PST) (envelope-from gnats) Date: Wed, 14 Feb 2001 13:10:02 -0800 (PST) Message-Id: <200102142110.f1ELA2d66506@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Tor.Egge@fast.no Subject: Re: bin/15070: vfprintf/cvt/__dtoa race condition in threaded programs Reply-To: Tor.Egge@fast.no Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/15070; it has been noted by GNATS. From: Tor.Egge@fast.no To: Daniel Eischen , jdp@polstra.com Cc: freebsd-gnats-submit@FreeBSD.org, Mike Smith Subject: Re: bin/15070: vfprintf/cvt/__dtoa race condition in threaded programs Date: Wed, 14 Feb 2001 22:02:36 +0100 An updated patch that doesn't use spinlocks is enclosed. - Tor Egge Index: lib/libc/stdio/vfprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdio/vfprintf.c,v retrieving revision 1.27 diff -u -r1.27 vfprintf.c --- lib/libc/stdio/vfprintf.c 2001/02/10 06:25:33 1.27 +++ lib/libc/stdio/vfprintf.c 2001/02/10 22:29:23 @@ -268,7 +268,7 @@ #define BUF (MAXEXP+MAXFRACT+1) /* + decimal point */ #define DEFPREC 6 -static char *cvt __P((double, int, int, char *, int *, int, int *)); +static char *cvt __P((double, int, int, char *, int *, int, int *, char **)); static int exponent __P((char *, int, int)); #else /* no FLOATING_POINT */ @@ -315,6 +315,7 @@ int expsize; /* character count for expstr */ int ndig; /* actual number of digits returned by cvt */ char expstr[7]; /* buffer for exponent string */ + char *dtoaresult; /* buffer allocated by dtoa */ #endif u_long ulval; /* integer arguments %[diouxX] */ u_quad_t uqval; /* %q integers */ @@ -423,6 +424,9 @@ } +#ifdef FLOATING_POINT + dtoaresult = NULL; +#endif /* sorry, fprintf(read_only_file, "") returns EOF, not 0 */ if (cantwrite(fp)) return (EOF); @@ -608,8 +612,12 @@ break; } flags |= FPT; + if (dtoaresult != NULL) { + free(dtoaresult); + dtoaresult = NULL; + } cp = cvt(_double, prec, flags, &softsign, - &expt, ch, &ndig); + &expt, ch, &ndig, &dtoaresult); if (ch == 'g' || ch == 'G') { if (expt <= -4 || expt > prec) ch = (ch == 'g') ? 'e' : 'E'; @@ -864,6 +872,10 @@ done: FLUSH(); error: +#ifdef FLOATING_POINT + if (dtoaresult != NULL) + free(dtoaresult); +#endif if (__sferror(fp)) ret = EOF; if ((argtable != NULL) && (argtable != statargtable)) @@ -1195,11 +1207,11 @@ #ifdef FLOATING_POINT -extern char *__dtoa __P((double, int, int, int *, int *, char **)); +extern char *__dtoa __P((double, int, int, int *, int *, char **, char **)); static char * cvt(double value, int ndigits, int flags, char *sign, int *decpt, - int ch, int *length) + int ch, int *length, char **dtoaresultp) { int mode, dsgn; char *digits, *bp, *rve; @@ -1221,7 +1233,8 @@ *sign = '-'; } else *sign = '\000'; - digits = __dtoa(value, mode, ndigits, decpt, &dsgn, &rve); + digits = __dtoa(value, mode, ndigits, decpt, &dsgn, &rve, + dtoaresultp); if ((ch != 'g' && ch != 'G') || flags & ALT) { /* print trailing zeros */ bp = digits + ndigits; Index: lib/libc/stdlib/netbsd_strtod.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdlib/netbsd_strtod.c,v retrieving revision 1.4 diff -u -r1.4 netbsd_strtod.c --- lib/libc/stdlib/netbsd_strtod.c 2001/02/09 20:31:47 1.4 +++ lib/libc/stdlib/netbsd_strtod.c 2001/02/14 20:53:26 @@ -142,7 +142,7 @@ #include "memory.h" #endif #endif -char *__dtoa __P((double, int, int, int *, int *, char **)); +char *__dtoa __P((double, int, int, int *, int *, char **, char **)); #ifdef MALLOC #ifdef KR_headers @@ -382,8 +382,6 @@ typedef struct Bigint Bigint; - static Bigint *freelist[Kmax+1]; - static Bigint * Balloc #ifdef KR_headers @@ -395,15 +393,10 @@ int x; Bigint *rv; - if ((rv = freelist[k]) != NULL) { - freelist[k] = rv->next; - } - else { - x = 1 << k; - rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(Long)); - rv->k = k; - rv->maxwds = x; - } + x = 1 << k; + rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(Long)); + rv->k = k; + rv->maxwds = x; rv->sign = rv->wds = 0; return rv; } @@ -416,10 +409,7 @@ (Bigint *v) #endif { - if (v) { - v->next = freelist[v->k]; - freelist[v->k] = v; - } + free(v); } #define Bcopy(x,y) memcpy((char *)&x->sign, (char *)&y->sign, \ @@ -1900,10 +1890,11 @@ char * __dtoa #ifdef KR_headers - (d, mode, ndigits, decpt, sign, rve) - double d; int mode, ndigits, *decpt, *sign; char **rve; + (d, mode, ndigits, decpt, sign, rve, resultp) + double d; int mode, ndigits, *decpt, *sign; char **rve, **resultp; #else - (double d, int mode, int ndigits, int *decpt, int *sign, char **rve) + (double d, int mode, int ndigits, int *decpt, int *sign, char **rve, + char **resultp) #endif { /* Arguments ndigits, decpt, sign are similar to those @@ -1953,15 +1944,6 @@ Bigint *mlo = NULL; /* pacify gcc */ double d2, ds, eps; char *s, *s0; - static Bigint *result; - static int result_k; - - if (result) { - result->k = result_k; - result->maxwds = 1 << result_k; - Bfree(result); - result = 0; - } if (word0(d) & Sign_bit) { /* set sign for everything, including 0's and NaNs */ @@ -2123,11 +2105,8 @@ if (i <= 0) i = 1; } - j = sizeof(ULong); - for(result_k = 0; sizeof(Bigint) - sizeof(ULong) + j <= i; - j <<= 1) result_k++; - result = Balloc(result_k); - s = s0 = (char *)result; + *resultp = (char *) malloc(i + 1); + s = s0 = *resultp; if (ilim >= 0 && ilim <= Quick_max && try_quick) { Index: lib/libc/stdlib/strtod.c =================================================================== RCS file: /home/ncvs/src/lib/libc/stdlib/strtod.c,v retrieving revision 1.6 diff -u -r1.6 strtod.c --- lib/libc/stdlib/strtod.c 2001/02/10 05:05:09 1.6 +++ lib/libc/stdlib/strtod.c 2001/02/14 20:53:26 @@ -372,8 +372,6 @@ typedef struct Bigint Bigint; - static Bigint *freelist[Kmax+1]; - static Bigint * Balloc #ifdef KR_headers @@ -385,14 +383,10 @@ int x; Bigint *rv; - if ( (rv = freelist[k]) ) { - freelist[k] = rv->next; - } else { - x = 1 << k; - rv = (Bigint *)malloc(sizeof(Bigint) + (x-1)*sizeof(long)); - rv->k = k; - rv->maxwds = x; - } + x = 1 << k; + rv = (Bigint *)malloc(sizeof(Bigint) + (x-1)*sizeof(long)); + rv->k = k; + rv->maxwds = x; rv->sign = rv->wds = 0; return rv; } @@ -405,10 +399,7 @@ (Bigint *v) #endif { - if (v) { - v->next = freelist[v->k]; - freelist[v->k] = v; - } + free(v); } #define Bcopy(x,y) memcpy((char *)&x->sign, (char *)&y->sign, \ @@ -1844,10 +1835,11 @@ char * __dtoa #ifdef KR_headers - (d, mode, ndigits, decpt, sign, rve) - double d; int mode, ndigits, *decpt, *sign; char **rve; + (d, mode, ndigits, decpt, sign, rve, resultp) + double d; int mode, ndigits, *decpt, *sign; char **rve, **resultp; #else - (double d, int mode, int ndigits, int *decpt, int *sign, char **rve) + (double d, int mode, int ndigits, int *decpt, int *sign, char **rve, + char **resultp) #endif { /* Arguments ndigits, decpt, sign are similar to those @@ -1895,15 +1887,6 @@ Bigint *b, *b1, *delta, *mlo, *mhi, *S; double d2, ds, eps; char *s, *s0; - static Bigint *result; - static int result_k; - - if (result) { - result->k = result_k; - result->maxwds = 1 << result_k; - Bfree(result); - result = 0; - } if (word0(d) & Sign_bit) { /* set sign for everything, including 0's and NaNs */ @@ -2062,11 +2045,8 @@ if (i <= 0) i = 1; } - j = sizeof(unsigned long); - for (result_k = 0; sizeof(Bigint) - sizeof(unsigned long) + j < i; - j <<= 1) result_k++; - result = Balloc(result_k); - s = s0 = (char *)result; + *resultp = (char *) malloc(i + 1); + s = s0 = *resultp; if (ilim >= 0 && ilim <= Quick_max && try_quick) { To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message