Bug#443660: libc6: dgettext not thread-safe

To: rdenis@simphalempin.com, 443660@bugs.debian.org
Subject: Bug#443660: libc6: dgettext not thread-safe
From: Pierre Habouzit <madcoder@debian.org>
Date: Sun, 23 Sep 2007 11:15:31 +0200
Message-id: <[🔎] 20070923091531.GB7118@artemis.corp>
Reply-to: Pierre Habouzit <madcoder@debian.org>, 443660@bugs.debian.org
In-reply-to: <[🔎] 200709231115.45474.rem@videolan.org>
References: <[🔎] 200709231115.45474.rem@videolan.org>

On Sun, Sep 23, 2007 at 08:15:45AM +0000, Rémi Denis-Courmont wrote:
> #include <stdio.h>
> #include <pthread.h>
> #include <locale.h>
> #include <libintl.h>
> 
> static void *run (void *dummy)
> {
>         (void)dummy;
> 
>         for (;;)
>                 printf ("Translation code: %s\n", dgettext("vlc", "C"));
> }
> 
> int main (void)
> {
>         unsigned i;
>         setlocale (LC_ALL, "");
>         bindtextdomain ("vlc", "/usr/share/locale");
> 
>         pthread_t threads[300];
>         for (i = 0; i < sizeof (threads) / sizeof (threads[0]); i++)
>                 pthread_create (threads + i, NULL, run, NULL);
> 
>         run (NULL);
>         return 0;
> }
> 
> When the problem occurs under valgrind, it complains:
> 
> ==3535== Thread 3:
> ==3535== Invalid read of size 4
  This is probably because of a speculative strcmp (libc sometimes reads
outside the string because it knows it can).
> ==3535==    at 0x4063F0B: _nl_find_msg (dcigettext.c:862)
> ==3535==    by 0x4064A41: __dcigettext (dcigettext.c:639)
> ==3535==    by 0x4063972: dcgettext (dcgettext.c:53)
> ==3535==    by 0x406399F: dgettext (dgettext.c:54)
> ==3535==    by 0x80484DD: run (in /home/remi/a.out)
> ==3535==    by 0x402D2D2: start_thread (pthread_create.c:296)
> ==3535==    by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)


> ==3535==  Address 0x418C91C is 0 bytes after a block of size 12 alloc'd
> ==3535==    at 0x4024862: realloc (vg_replace_malloc.c:306)
> ==3535==    by 0x4063FF1: _nl_find_msg (dcigettext.c:876)
> ==3535==    by 0x4064A41: __dcigettext (dcigettext.c:639)
> ==3535==    by 0x4063972: dcgettext (dcgettext.c:53)
> ==3535==    by 0x406399F: dgettext (dgettext.c:54)
> ==3535==    by 0x80484DD: run (in /home/remi/a.out)
> ==3535==    by 0x402D2D2: start_thread (pthread_create.c:296)
> ==3535==    by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)
  This one though looks fishy.


> There appears to be a similar issue with strerror_r() also.
  Have you looked at the code ? I can tell it's thread safe, except that
it calls _("Unknown error") at some point, which would indicate to be
the same bug as yours, the rest is definitely thread safe.

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgp048KfrWXOf.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#443660: libc6: dgettext not thread-safe
  - From: Rémi Denis-Courmont <rdenis@simphalempin.com>

References:
- Bug#443660: libc6: dgettext not thread-safe
  - From: Rémi Denis-Courmont <rem@videolan.org>

Prev by Date: Bug#443660: libc6: dgettext not thread-safe
Next by Date: Processed: bug 443660 is forwarded to http://sourceware.org/bugzilla/show_bug.cgi?id=5058
Previous by thread: Bug#443660: libc6: dgettext not thread-safe
Next by thread: Bug#443660: libc6: dgettext not thread-safe
Index(es):
- Date
- Thread