[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#443660: marked as done (libc6: dgettext not thread-safe)

Your message dated Sun, 16 Dec 2007 15:34:10 +0200
with message-id <200712161534.10343.rdenis@simphalempin.com>
and subject line (no subject)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: libc6
Version: 2.6.1-5
Severity: important
Tags: l10n

	Hello,

Recent version of libc6 seems to include a libintl that regularly
crashes when gettext is invoked from different threads simultaneously.
This renders gettext mostly unusable on multi-threaded software.

I had been suspecting a bug in VLC and banging my head around, but it
appears that this can be reproduced with code as simple as the piece
above. It triggers a segmentation fault on a very time-dependant basis.
It seems a lot easier to reproduce under valgrind, though I also get
segfaults when run without debuggers:

#include <stdio.h>
#include <pthread.h>
#include <locale.h>
#include <libintl.h>

static void *run (void *dummy)
{
        (void)dummy;

        for (;;)
                printf ("Translation code: %s\n", dgettext("vlc", "C"));
}

int main (void)
{
        unsigned i;
        setlocale (LC_ALL, "");
        bindtextdomain ("vlc", "/usr/share/locale");

        pthread_t threads[300];
        for (i = 0; i < sizeof (threads) / sizeof (threads[0]); i++)
                pthread_create (threads + i, NULL, run, NULL);

        run (NULL);
        return 0;
}

When the problem occurs under valgrind, it complains:

==3535== Thread 3:
==3535== Invalid read of size 4
==3535==    at 0x4063F0B: _nl_find_msg (dcigettext.c:862)
==3535==    by 0x4064A41: __dcigettext (dcigettext.c:639)
==3535==    by 0x4063972: dcgettext (dcgettext.c:53)
==3535==    by 0x406399F: dgettext (dgettext.c:54)
==3535==    by 0x80484DD: run (in /home/remi/a.out)
==3535==    by 0x402D2D2: start_thread (pthread_create.c:296)
==3535==    by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)
==3535==  Address 0x418C91C is 0 bytes after a block of size 12 alloc'd
==3535==    at 0x4024862: realloc (vg_replace_malloc.c:306)
==3535==    by 0x4063FF1: _nl_find_msg (dcigettext.c:876)
==3535==    by 0x4064A41: __dcigettext (dcigettext.c:639)
==3535==    by 0x4063972: dcgettext (dcgettext.c:53)
==3535==    by 0x406399F: dgettext (dgettext.c:54)
==3535==    by 0x80484DD: run (in /home/remi/a.out)
==3535==    by 0x402D2D2: start_thread (pthread_create.c:296)
==3535==    by 0x41124ED: clone (in /usr/lib/debug/libc-2.6.1.so)

There appears to be a similar issue with strerror_r() also.

Regards,


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (100, 'unstable'), (100, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.20.15 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                       1:4.2.1-5  GCC support library

libc6 recommends no packages.

-- debconf information:
  glibc/restart-failed:
  glibc/restart-services:

--- End Message ---
--- Begin Message --- 
So you want a new bug number...

-- 
Rémi Denis-Courmont
http://www.remlab.net/

--- End Message ---
Reply to: