From: diego el gordito
Date: Fri, 24 Jan 2003 13:29:10 -0800 (PST)
Subject: pthreads bug - memory leak
To: freebsd-bugs@freebsd.org
Message-ID: <20030124212910.79359.qmail@web14503.mail.yahoo.com>

Greetings list, this is the first e-mail I write in here.

It seems to me that I've found a bug in the pthreads library which leads to a huge memory leak. I haven't bothered to look at the sources since it really doesn't seem too serious (for an attack). Tested in OpenBSD 3.1 and 3.2 GENERIC#0, also found in FreeBSD, and I'm still missing other operating systems to test it on. The Linux implementation didn't seem vulnerable.

The bug shows up when calling pthread_cond_timedwait() from the main program thread (not a thread created with pthread_create()). I'm not 100% sure but there must be some other functions of the library which get executed through the same conditions and therefore leak memory.

I've created a proof of concept code which just loops all the time calling pthread_cond_timedwait(). After running the code for half a minute use CTRL+Z to stop the program flow and check the amount of memory used by the process.

Since I haven't had the time to read the policies of this mailing list I have attached neither the code nor the notes on my findings, for keeping the peace among you all.

You may find bug.c (proof of concept code) at http://www.ysm.com.ar/pthreads_bug.c
Additional output notes at http://www.ysm.com.ar/pthreads_notes

I hope this helps since I need it fixed as soon as possible.

Thank you all again,
rad2k at mail dot ru.
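The check described in the message, written as a bounded regression test instead of an endless loop. This is an added example, not the bug.c linked above and not FreeBSD or OpenBSD code. The function names, the already-expired deadline, the warm-up run and the growth limit are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <sys/resource.h>
#include <time.h>

/* Peak resident set size from getrusage(): kilobytes on Linux and the BSDs. */
static long peak_rss(void) {
    struct rusage ru;
    return getrusage(RUSAGE_SELF, &ru) == 0 ? ru.ru_maxrss : -1;
}

/* Call pthread_cond_timedwait() n times from the calling thread with a
 * deadline of "now", so each call times out at once (assumed call pattern).
 * Returns the number of calls that completed, or -1 on an unexpected error. */
long run_timedwaits(long n) {
    pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER;
    pthread_cond_t c = PTHREAD_COND_INITIALIZER;
    long done = 0;
    pthread_mutex_lock(&m);
    for (long i = 0; i < n; i++) {
        struct timespec deadline;
        clock_gettime(CLOCK_REALTIME, &deadline);
        int rc = pthread_cond_timedwait(&c, &m, &deadline);
        if (rc != ETIMEDOUT && rc != 0) { done = -1; break; } /* 0 = spurious wakeup */
        done++;
    }
    pthread_mutex_unlock(&m);
    pthread_cond_destroy(&c);
    pthread_mutex_destroy(&m);
    return done;
}

/* Peak-RSS growth over n waits, measured after a warm-up run so one-time
 * library initialisation is not counted. Returns -1 on error. */
long timedwait_rss_growth(long warmup, long n) {
    if (run_timedwaits(warmup) < 0) return -1;
    long before = peak_rss();
    if (run_timedwaits(n) < 0) return -1;
    long after = peak_rss();
    return (before < 0 || after < 0) ? -1 : after - before;
}

int main(void) {
    long growth = timedwait_rss_growth(1000, 200000);
    printf("peak RSS growth over 200000 timed waits: %ld\n", growth);
    return (growth < 0 || growth > 1024) ? 1 : 0; /* 1024 is an arbitrary limit */
}
```

A non-zero exit status means the peak resident set size kept growing while nothing in the loop allocates, which is the symptom the message reports.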