Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Mar 2020 11:23:28 -0700
From: Leonid Shamis <leonid.shamis@...il.com>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com
Subject: Re: __pthread_mutex_unlock uninitialized value

Apologies. First post. I'll use the official repo from now on.

This was originally brought to my attention via static analysis:

warning: ‘old’ may be used uninitialized in this function
[-Wmaybe-uninitialized]
   __asm__ __volatile__("lock ; cmpxchg %3, %1" : "=a"(t), "=m"(*p) :
"a"(t), "r"(s) : "memory");
   ^~~~~~~

And in my reading, I thought the (type != PTHREAD_MUTEX_NORMAL) only
checked the bottom three bits.

Please disregard this email chain :)

On Fri, Mar 27, 2020 at 11:16 AM Rich Felker <dalias@...c.org> wrote:

> On Fri, Mar 27, 2020 at 10:52:58AM -0700, Leonid Shamis wrote:
> >
> https://github.com/bminor/musl/blob/54ca677983d47529bab8752315ac1a2b49888870/src/thread/pthread_mutex_unlock.c#L34
>
> BTW official git is here:
>
>
> https://git.musl-libc.org/cgit/musl/tree/src/thread/pthread_mutex_unlock.c?id=v1.2.0
>
> > In the case where a mutex:
> > is one of PTHREAD_MUTEX_ERRORCHECK or PTHREAD_MUTEX_RECURSIVE
> > and PTHREAD_PRIO_INHERIT
> >
> > an uninitialized value of 'old' is used to check whether to futex.
>
> Can you elaborate on this? In line 15, old is assigned; this applies
> to all mutex types except plain boring normal (without PI and without
> robust). The condition in line 33 can only be true if type is nonzero
> (not plain boring normal mutex) so I don't see any way it can be used
> uninitialized in line 34. Is your report based on your own reading or
> a static analysis tool?
>
> Rich
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.