ia64/91846: TLS: malloc(3) exposes DTLS bug in non-threaded applications

Maxim Sobolev sobomax at FreeBSD.org
Thu Aug 3 04:50:19 UTC 2006


The following reply was made to PR ia64/91846; it has been noted by GNATS.

From: Maxim Sobolev <sobomax at FreeBSD.org>
To: bug-followup at FreeBSD.org
Cc: marcel at xcllnt.net, jasone at FreeBSD.org
Subject: Re: ia64/91846: TLS: malloc(3) exposes DTLS bug in non-threaded applications
Date: Wed, 02 Aug 2006 21:40:03 -0700

 Apparently, the same bug affects FreeBSD/powerpc:
 
 Loaded symbols for /libexec/ld-elf.so.1
 #0  0x2183f7b4 in tls_get_addr_common (dtvp=0x1a31490, index=2, offset=4294934528) at rtld.c:2663
 2663        if (dtv[0] != tls_dtv_generation) {
 (gdb) bt
 #0  0x2183f7b4 in tls_get_addr_common (dtvp=0x1a31490, index=2, offset=4294934528) at rtld.c:2663
 #1  0x218397f8 in __tls_get_addr (ti=0x21bbf0e8) at /usr/src/libexec/rtld-elf/powerpc/reloc.c:577
 #2  0x21ad3ef8 in choose_arena () at /usr/src/lib/libc/stdlib/malloc.c:1422
 #3  0x21ad8f40 in imalloc (size=480) at /usr/src/lib/libc/stdlib/malloc.c:2662
 #4  0x21ada810 in malloc (size=480) at /usr/src/lib/libc/stdlib/malloc.c:3422
 #5  0x21a1ba90 in _thr_alloc (curthread=0x1a502e0) at /usr/src/lib/libpthread/thread/thr_kern.c:2369
 #6  0x21a021b0 in _pthread_create (thread=0x1ab05a0, attr=0x0, start_routine=0x18109dc <sender_loop>, arg=0x1ab0580) at /usr/src/lib/libpthread/thread/thr_create.c:110
 #7  0x01810640 in mux_init (m=0x1ab0580) at /usr/src/usr.bin/csup/../../contrib/csup/mux.c:661
 #8  0x0180f8b0 in mux_open (sock=3, chan=0x7fffdad8) at /usr/src/usr.bin/csup/../../contrib/csup/mux.c:328
 #9  0x018146a4 in proto_mux (config=0x1a118c0) at /usr/src/usr.bin/csup/../../contrib/csup/proto.c:555
 #10 0x018148f4 in proto_run (config=0x1a118c0) at /usr/src/usr.bin/csup/../../contrib/csup/proto.c:617
 #11 0x0180dddc in main (argc=1, argv=0x7fffdcac) at /usr/src/usr.bin/csup/../../contrib/csup/main.c:314
 (gdb) print dtv
 $1 = (Elf_Addr *) 0x0
 (gdb)
 
 Perhaps TLS is not initialized at the point when malloc is called, or 
 something like that.
 
 -Maxim
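The backtrace above faults at `dtv[0] != tls_dtv_generation` with gdb showing the DTV pointer as `0x0`: the thread reached a dynamic-TLS lookup before its DTV existed. The following is an added example, not code from rtld, libc or the PR, that models the walk `tls_get_addr_common` performs (generation check, then lazy allocation of the module's block, then base + offset) and adds the null-DTV guard whose absence turns this state into a crash. The names `dtls_lookup`, `dtv_create`, `dtv_destroy`, `module_tls_size` and `MAX_MODULES`, the fixed-size DTV layout with the generation in slot 0, and the per-module sizes are all assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { MAX_MODULES = 4 };

typedef uintptr_t Elf_Addr_t;   /* stand-in for rtld's Elf_Addr */

/* Constructed: bytes of TLS each module index needs (slot 0 is not a module). */
static const size_t module_tls_size[MAX_MODULES + 1] = { 0, 32, 64, 0, 0 };

/* Global generation counter; a real loader bumps it when a module with TLS is loaded. */
static Elf_Addr_t tls_dtv_generation = 1;

/* Assumed layout: dtv[0] = generation the vector was built for,
 * dtv[i] = base address of module i's TLS block, 0 until first use. */
Elf_Addr_t *dtv_create(void)
{
    Elf_Addr_t *dtv = calloc(MAX_MODULES + 1, sizeof *dtv);
    if (dtv != NULL)
        dtv[0] = tls_dtv_generation;
    return dtv;
}

void dtv_destroy(Elf_Addr_t *dtv)
{
    if (dtv == NULL)
        return;
    for (int i = 1; i <= MAX_MODULES; i++)
        free((void *)dtv[i]);
    free(dtv);
}

/* Address of the variable at `offset` inside module `index`'s TLS block,
 * or NULL if the thread has no DTV yet or the request is out of range. */
void *dtls_lookup(Elf_Addr_t **dtvp, int index, size_t offset)
{
    Elf_Addr_t *dtv = *dtvp;

    /* This is the state in the PR: no DTV for the calling thread. Reading
     * dtv[0] here would be the null dereference seen in frame #0. */
    if (dtv == NULL)
        return NULL;
    if (index < 1 || index > MAX_MODULES || module_tls_size[index] == 0)
        return NULL;
    if (offset >= module_tls_size[index])
        return NULL;

    /* Generation mismatch: a module was loaded after this DTV was built.
     * rtld would grow the vector; this fixed-size model only records it. */
    if (dtv[0] != tls_dtv_generation)
        dtv[0] = tls_dtv_generation;

    /* Lazy allocation of the module's block on first access. */
    if (dtv[index] == 0) {
        void *block = calloc(1, module_tls_size[index]);
        if (block == NULL)
            return NULL;
        dtv[index] = (Elf_Addr_t)block;
    }
    return (char *)dtv[index] + offset;
}

/* Exercises the null-DTV path, the normal path, and a generation bump.
 * Returns 1 when every lookup behaved as expected. */
int run_demo(void)
{
    Elf_Addr_t *dtv = NULL;
    int ok = 1;

    /* 1. Thread whose DTV was never set up: guarded instead of faulting. */
    ok &= (dtls_lookup(&dtv, 2, 0) == NULL);

    /* 2. Normal path: two offsets in the same block resolve consistently. */
    dtv = dtv_create();
    if (dtv == NULL)
        return 0;
    char *a = dtls_lookup(&dtv, 2, 8);
    char *b = dtls_lookup(&dtv, 2, 16);
    ok &= (a != NULL && b == a + 8);
    ok &= (dtls_lookup(&dtv, 2, 64) == NULL);    /* past the 64-byte block */

    /* 3. Simulated module load: block survives, generation is refreshed. */
    tls_dtv_generation++;
    ok &= (dtls_lookup(&dtv, 2, 8) == (void *)a && dtv[0] == tls_dtv_generation);

    dtv_destroy(dtv);
    return ok;
}

int main(void)
{
    printf("%s\n", run_demo() ? "all lookups behaved as expected" : "mismatch");
    return 0;
}
```

The guard is what this model adds over the real lookup; the remaining question the report raises, why `_thr_alloc` reaches `malloc` before the thread's DTV exists, is an initialization-order problem in the caller that a check inside the lookup only turns from a crash into a NULL result.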
