From owner-freebsd-bugs Thu May 11 10:10:11 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id 71B4D37BBA9
    for ; Thu, 11 May 2000 10:10:01 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id KAA11074;
    Thu, 11 May 2000 10:10:00 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: from mail.targetnet.com (mail.targetnet.com [207.245.246.3])
    by hub.freebsd.org (Postfix) with ESMTP id F3D4537BB60
    for ; Thu, 11 May 2000 10:04:19 -0700 (PDT)
    (envelope-from james@targetnet.com)
Received: from james by mail.targetnet.com with local (Exim 3.02 #1)
    id 12pwNn-0000Bl-00
    for FreeBSD-gnats-submit@freebsd.org; Thu, 11 May 2000 13:04:19 -0400
Message-Id:
Date: Thu, 11 May 2000 13:04:19 -0400
From: James FitzGibbon
Reply-To: james@targetnet.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: misc/18504: Memory leak in uthread_set_name_np
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 18504
>Category: misc
>Synopsis: pthread_set_name_np leaks memory
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 11 10:10:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: James FitzGibbon
>Release: FreeBSD 3.2-RELEASE i386 (but still present in -current)
>Organization: Targetnet.com Inc.
>Environment:

Any pthread program using the non-portable pthread_set_name_np function (defined in /usr/include/pthread_private.h)

>Description:

struct pthread contains a member variable "char *name", which is used to store the name of the thread. pthread_set_name_np is used to set this member variable. There are several problems:

- pthread_create does not set the member to a known valid state (NULL)
- pthread_set_name_np does not check if the member is NULL before assigning the return value of strdup to it.
- the garbage collector thread (lib/libc_r/uthread/uthread_gc.c) does not free the memory used by the member, if any.

>How-To-Repeat:

Call pthread_set_name_np multiple times. The program will leak as many bytes as are passed to pthread_set_name_np.

>Fix:

The following patch addresses the above three issues.

diff -ru /usr/src/lib/libc_r/uthread/uthread_create.c uthread/uthread_create.c --- /usr/src/lib/libc_r/uthread/uthread_create.c Thu Mar 23 02:06:40 2000 +++ uthread/uthread_create.c Thu May 11 12:47:49 2000 
@@ -164,6 +164,7 @@ new_thread->slice_usec = -1; new_thread->sig_saved = 0; new_thread->stack = stack; + new_thread->name = NULL; new_thread->start_routine = start_routine; new_thread->arg = arg; diff -ru /usr/src/lib/libc_r/uthread/uthread_gc.c uthread/uthread_gc.c --- /usr/src/lib/libc_r/uthread/uthread_gc.c Tue Dec 28 13:13:02 1999 +++ uthread/uthread_gc.c Thu May 11 12:53:15 2000 @@ -243,6 +243,13 @@ free(p_stack); if (pthread_cln != NULL) /* + Free the memory allocated for the thread + name, if any + /* + if( pthread_cln.name != NULL ) { + free(pthread_cln.name); + } + /* * Free the memory allocated for the thread * structure. */ diff -ru /usr/src/lib/libc_r/uthread/uthread_info.c uthread/uthread_info.c --- /usr/src/lib/libc_r/uthread/uthread_info.c Wed Sep 29 11:18:38 1999 +++ uthread/uthread_info.c Thu May 11 12:48:32 2000 @@ -305,6 +305,10 @@ { /* Check if the caller has specified a valid thread: */ if (thread != NULL && thread->magic == PTHREAD_MAGIC) + /* Free the existing name, if any */ + if( thread->name != NULL ) { + free(thread_name); + } thread->name = strdup(name); return; }

The patch is relative to RELENG_4, but should apply to -current as well. After the standard wait period, a MFC to RELENG_4 (and RELENG_3 if possible) would be appreciated.

>Release-Note:
>Audit-Trail:
>Unformatted:
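
Review bot: In the uthread_gc.c hunk the added comment is closed with `/*` rather than `*/`, so it never terminates and the new `if( pthread_cln.name != NULL )` block is absorbed into the existing comment that follows; as written, the name is still never freed. Close the new comment with `*/` and give its lines the leading `*` the surrounding comment uses. The context line `if (pthread_cln != NULL)` treats pthread_cln as a pointer, so the member access should be `pthread_cln->name`, not `pthread_cln.name`. That null check also has no braces, so once the comment is fixed the inserted block becomes its only body; brace the check so that freeing the name and whatever statement it originally guarded both stay under it. The NULL test around free() can be dropped, since free(NULL) is a no-op.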
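
Review bot: In the uthread_info.c hunk, `free(thread_name);` frees an identifier that appears nowhere else in the visible lines; the test directly above it is on `thread->name`, so this should be `free(thread->name);`. The insertion also lands between the unbraced `if (thread != NULL && thread->magic == PTHREAD_MAGIC)` and the assignment it guarded: the new `if` becomes the sole body of the validity check, and `thread->name = strdup(name);` then runs even when thread is NULL or the magic does not match. Put the free and the assignment together in braces under the validity check.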
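
The name lifecycle described in the report, as an added stand-alone model (not libc_r code and not part of the original message): `struct model_thread`, `name_dup`, `name_free`, `set_name` and `leaked_after` are hypothetical names, and the allocation counter exists only to make the leak measurable. Reaping frees the name in both runs here, so the difference isolates the setter overwriting the pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the thread structure; only the name member matters. */
struct model_thread { char *name; };
static long live_names;              /* name buffers allocated and not yet freed */

static char *name_dup(const char *s) /* counted equivalent of strdup() */
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL) { memcpy(p, s, n); live_names++; }
    return p;
}

static void name_free(char *p)       /* counted free(); NULL is a no-op */
{
    if (p != NULL) { live_names--; free(p); }
}

static void set_name(struct model_thread *t, const char *name, int fixed)
{
    if (t != NULL) {                 /* braces keep both statements under the check */
        if (fixed)
            name_free(t->name);      /* release the previous name first */
        t->name = name_dup(name);    /* without that free, the old buffer is lost */
    }
}

/* Rename one thread n times, reap it, and return the buffers still outstanding. */
long leaked_after(int n, int fixed)
{
    struct model_thread t = { NULL };  /* creation: name starts in a known state */
    live_names = 0;
    for (int i = 0; i < n; i++)
        set_name(&t, "worker", fixed);
    name_free(t.name);                 /* reaping: the name goes with the thread */
    return live_names;
}

int main(void)
{
    printf("leaked: %ld (overwrite), %ld (free first)\n",
           leaked_after(5, 0), leaked_after(5, 1));
    return 0;
}
```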