Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 3 Sep 2015 10:15:36 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Using PTHREAD_MUTEX_RECURSIVE and
 PTHREAD_MUTEX_ERRORCHECK leads to segmentation fault

On Thu, Sep 03, 2015 at 03:44:57PM +0300, Eugene wrote:
> Hello,
> 
> I have problem with mutexes of type PTHREAD_MUTEX_RECURSIVE and
> PTHREAD_MUTEX_ERRORCHECK.
> Using this mutexes sometimes leads to segmentation fault in
> functions __pthread_mutex_trylock_owner() and
> __pthread_mutex_unlock().
> Problem is floating and very bad reproducible with library PJSIP.

Do you have a way to reproduce it without an actual SIP
configuration/deployment?

> Broken places are following.
> 
> __pthread_mutex_unlock():
>  24                 if (next != &self->robust_list.head) *(volatile
> void *volatile *)
>  25                         ((char *)next - sizeof(void *)) = prev;
> 
> 
> __pthread_mutex_trylock_owner():
>  37         if (next != &self->robust_list.head) *(volatile void
> *volatile *)
>  38                 ((char *)next - sizeof(void *)) = &m->_m_next;

This is almost surely a bug in the caller but I'd like to look into
it. My guess is that they're destroying or freeing mutexes that are
locked.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.