[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#731547: Bug located to glib.

Control: reassign 731547 libglib2.0-0 2.42.0-2
Control: tags 731547 + patch
Control: retitle 731547 glib not handling -1 return from sysconf

I have investigated this on the porterbox, and located the bug to glib.
Patch is attached.

The bug is due to that when the return value of sysconf (a long) is
compared to the variable stack_size (an unsigned long) the values have
to be converted to a common type in order to do the comparison. This
common type is chosen by the compiler to be unsigned long - which is
correct behaviour according to the C language standard. When sysconf
returns -1 this is therefore converted to ULONG_MAX in order to do the
comparison and this is of course then always considered to be the higher
value. So the stack_size allocated for the thread becomes -1 bytes. When
the thread starts and allocates memory in this non-existing stack it
overwrites memory already in use by other threads.

The patch checks that the value returned by sysconf is positive before
comparing it to the variable stack_size.


--- glib-2.42.0/glib/gthread-posix.c	2014-09-22 13:42:12.000000000 +0000
+++ glib-2.42.0/glib/gthread-posix.c	2014-10-15 03:22:36.000000000 +0000
@@ -1159,7 +1159,9 @@
   if (stack_size)
-      stack_size = MAX (sysconf (_SC_THREAD_STACK_MIN), stack_size);
+      long min_stack_size = sysconf (_SC_THREAD_STACK_MIN);
+      if (min_stack_size >= 0)
+        stack_size = MAX (min_stack_size, stack_size);
 #endif /* _SC_THREAD_STACK_MIN */
       /* No error check here, because some systems can't do it and
        * we simply don't want threads to fail because of that. */

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: