[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ia64/91846: TLS: malloc(3) exposes DTLS bug in non-threaded applications
>Number: 91846
>Category: ia64
>Synopsis: TLS: malloc(3) exposes DTLS bug in non-threaded applications
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ia64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 16 00:30:07 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Marcel Moolenaar
>Release: 7-CURRENT
>Organization:
>Environment:
FreeBSD bigsur.pn.xcllnt.net 7.0-CURRENT FreeBSD 7.0-CURRENT #1: Fri Jan 13 16:26:27 PST 2006 marcel@xxxxxxxxxxxxxxxxxxxx:/usr/obj/nfs/freebsd/7.x/src/sys/BIGSUR ia64
>Description:
When NO_TLS is *not* defined in src/lib/libc/stdlib/malloc.c on ia64, then a SIGSEGV will result due to arenas_map being thread-local and it being referenced in choose_arena(). That reference causes a
thread-local relocation to end up in tls_get_addr_common() in src/libexec/rtld-elf/rtld.c for which the dtvp argument is NULL. This pretty much means that __tls_get_addr() on ia64 does the wrong thing. In this case it assumes that r13 (aka TP) is non-NULL in all cases, which is false for non-threaded applications.
>How-To-Repeat:
n/a
>Fix:
tbd
>Release-Note:
>Audit-Trail:
>Unformatted: