Mail Archives: cygwin/2002/11/29/20:28:36

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
From: "Ralf Habacker" <Ralf DOT Habacker AT freenet DOT de>
To: "cygwin" <cygwin AT cygwin DOT com>
Subject: problem with mutexattr initialisation
Date: Sat, 30 Nov 2002 02:28:17 +0100
Message-ID: <002401c2980f$c24bbcb0$0a1c440a@BRAMSCHE>
MIME-Version: 1.0
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Importance: Normal

Hi,

while porting the threaded qt-3 release to cygwin, it seems to me that there is
a bug in the current pthread implementation.

The problem:

Parts of the qt-3 thread initialisation code (which works under linux) look like
this:

    <snip>
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    <snip>

which leaves attr undefined. In the example with gcc (2.59.3-5)/ld the
(stack-)content is 0xc, which makes pthread_mutexattr_init() crash.

A look into the code shows:

__pthread_mutexattr_init (pthread_mutexattr_t *attr)
{
[1]  if (pthread_mutexattr::isGoodObject (attr))
       // calls -> verifyable_object_isvalid -> check_valid_pointer -> IsBadWritePtr (*attr) -> segfault!!
[1]    return EBUSY;

  *attr = new pthread_mutexattr ();
  if (!pthread_mutexattr::isGoodObject (attr))
    {
      delete (*attr);
      *attr = NULL;
      return ENOMEM;
    }
  return 0;
}

The definition of this function in
http://www.opengroup.org/onlinepubs/007904975/functions/pthread_mutexattr_init.html
tells me that pthread_mutexattr_init() should initialise attr, but how
should attr be a good object [1] when pthread_mutexattr_init hasn't done any
initialisation? This seems to me to be a violation of the definition.

Further details:

verifyable_object_state
verifyable_object_isvalid (void const * objectptr, long magic, void *static_ptr)
{
  verifyable_object **object = (verifyable_object **)objectptr;
  if (check_valid_pointer (object))
    return INVALID_OBJECT;
  if (static_ptr && *object == static_ptr)
    return VALID_STATIC_OBJECT;
  if (!*object)
    return INVALID_OBJECT;
  if (check_valid_pointer (*object))
    return INVALID_OBJECT;
^^^^^^ here it crashes

  if ((*object)->magic != magic)
    return INVALID_OBJECT;
  return VALID_OBJECT;
}

The following patch seems to fix this, but I'm not sure if I have overlooked
something.

$ cvs diff -p thread.cc
Index: thread.cc
===================================================================
RCS file: /cvs/src/src/winsup/cygwin/thread.cc,v
retrieving revision 1.106
diff -u -3 -p -B -p -r1.106 thread.cc
--- thread.cc   24 Nov 2002 13:54:14 -0000      1.106
+++ thread.cc   30 Nov 2002 01:24:04 -0000
@@ -2416,8 +2416,8 @@ __pthread_mutexattr_init (pthread_mu
 int
 __pthread_mutexattr_init (pthread_mutexattr_t *attr)
 {
-  if (pthread_mutexattr::isGoodObject (attr))
-    return EBUSY;
+  if (check_valid_pointer (attr))
+    return EINVAL;

   *attr = new pthread_mutexattr ();
   if (!pthread_mutexattr::isGoodObject (attr))
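Review bot: the replacement check `+  if (check_valid_pointer (attr))` only tests that `attr` itself is a writable pointer (in the quoted verifyable_object_isvalid, check_valid_pointer returns non-zero for a bad pointer), so the EBUSY path for an already-initialised attribute disappears: a second pthread_mutexattr_init on the same attr now overwrites *attr and leaks the first `new pthread_mutexattr ()`. POSIX makes re-initialising an initialised attribute object undefined rather than an error, so this is acceptable, but the ChangeLog entry should say that double initialisation is no longer detected; returning EINVAL for an unwritable pointer is the right choice, and the new check no longer reads the uninitialised *attr, which is what removes the crash.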

---------------------------------------------------------------------

2002-11-30  Ralf Habacker  <ralf DOT habacker AT freenet DOT de>

      * thread.cc (__pthread_mutexattr_init ): fixed seg fault
      if parameter content is undefined.



Hope that helps

Ralf


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
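Added example, not Cygwin's thread.cc: a minimal magic-tagged handle in the style of Cygwin's verifyable_object, with an init routine that treats its argument purely as an out-parameter, which is the contract the post argues for. The type, function names and the magic value are assumed.

```cpp
#include <cerrno>
#include <cstddef>
#include <new>

// Illustration only (not Cygwin code): a magic-tagged handle like Cygwin's
// verifyable_object. Names and the magic value are assumed.
struct mutexattr { long magic; };
typedef mutexattr *mutexattr_t;             // opaque handle, like pthread_mutexattr_t
static const long MUTEXATTR_MAGIC = 0x4d41; // constructed tag value

// Validity test for an initialised handle. It reads *attr, so it is only
// safe after init has written *attr; using it inside init is the bug.
static bool
mutexattr_is_good (mutexattr_t *attr)
{
  return attr && *attr && (*attr)->magic == MUTEXATTR_MAGIC;
}

// POSIX: init initialises *attr; whatever *attr held before is meaningless
// and must not be read. Only the out-pointer itself is checked.
static int
mutexattr_init (mutexattr_t *attr)
{
  if (!attr)
    return EINVAL;
  *attr = new (std::nothrow) mutexattr;
  if (!*attr)
    return ENOMEM;
  (*attr)->magic = MUTEXATTR_MAGIC;
  return 0;
}

// destroy may validate, because *attr was written by a successful init.
static int
mutexattr_destroy (mutexattr_t *attr)
{
  if (!mutexattr_is_good (attr))
    return EINVAL;
  (*attr)->magic = 0;                       // poison so a stale copy is rejected
  delete *attr;
  *attr = NULL;
  return 0;
}

// Stack garbage such as the 0xc from the post must not matter to init.
static int
init_over_garbage ()
{
  mutexattr_t attr = reinterpret_cast<mutexattr_t> (0xc); // never dereferenced
  int r = mutexattr_init (&attr);
  return r == 0 && mutexattr_is_good (&attr) ? mutexattr_destroy (&attr) : r;
}
```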
