From owner-freebsd-bugs Fri Jan 24 19:12:50 2003
Date: Fri, 24 Jan 2003 19:12:47 -0800
From: David Schultz
To: diego el gordito
Cc: freebsd-bugs@FreeBSD.ORG
Subject: Re: pthreads bug - memory leak
Message-ID: <20030125031247.GA300@HAL9000.homeunix.com>
References: <20030124212910.79359.qmail@web14503.mail.yahoo.com>
In-Reply-To: <20030124212910.79359.qmail@web14503.mail.yahoo.com>

Thus spake diego el gordito:
> It seems to me that I've found a bug in the pthreads
> library which leads to a huge memory leak. I haven't
> bothered to look at the sources since it really
> doesn't seem too serious (for an attack).
>
> Tested in OpenBSD 3.1 and 3.2 GENERIC#0 also found in
> FreeBSD and I'm still missing other operating systems
> to test it on. The Linux implementation didn't seem
> vulnerable.
>
> The bug shows up when calling pthread_cond_timedwait()
> from the main program thread (not a thread created
> with pthread_create()). I'm not 100% sure but there
> must be some other functions of the library which get
> executed through the same conditions and therefore
> leak memory.

Your code seems to have a bug.  You can't use the static initializers
like PTHREAD_COND_INITIALIZER to initialize automatic variables.
Either make condition_cond static, or use pthread_cond_init() and
pthread_cond_destroy() instead, and likewise for mutexes.  Your code
probably happened to work in Linux because you happen to be passing
the same stack address in each call to the pthreads functions.