Bug#571639: libc6: pthread_cancel dies screaming if passed an uninitialised pthread_t

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#571639: libc6: pthread_cancel dies screaming if passed an uninitialised pthread_t
From: Ron <ron@debian.org>
Date: Sat, 27 Feb 2010 03:49:17 +1030
Message-id: <20100226171917.28310.70729.reportbug@audi.shelbyville.oz>
Reply-to: Ron <ron@debian.org>, 571639@bugs.debian.org

Package: libc6
Version: 2.10.2-5
Severity: normal

Hi,

If the equivalent of this happens, then pthread_cancel segfaults:

static pthread_t p;
int main(void)
{
	pthread_cancel(p);
}


Culprit would appear to be in pthread_cancel.c:

  /* Make sure the descriptor is valid.  */
  if (INVALID_TD_P (pd))
    /* Not a valid thread handle.  */
    return ESRCH;

Which expands in nptl/pthreadP.h to:
# define INVALID_TD_P(pd) __builtin_expect ((pd)->tid <= 0, 0)

and Kaboom QED.


SuS would appear to allow us to explode with an 'uninitialised' pthread_t,
or at least doesn't expressly forbid it anywhere I can see, but it would
seem better if we still didn't with a 'default initialised' variable.

I don't really expect this to work in compliant code, so I won't object
if you wontfix or close it, but it surprised me enough to look and point.

Cheers,
Ron

Reply to:

Prev by Date: Bug#570233: [patches] please add timepps.h
Next by Date: Re: NAZI CHAT ROOM
Previous by thread: Fw: [PATCH 0/3]: Initial Sparc multiarch support
Next by thread: Re: NAZI CHAT ROOM
Index(es):
- Date
- Thread