This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: random corruption while doing popen pclose


On Mon, Dec 3, 2012 at 11:09 AM, Ajeet Yadav <ajeet.yadav.77@gmail.com> wrote:
> Linux version 3.0.33 (Cortex A15)
>  Below program crashes with 2.14.1 glibc but runs fine with 2.11.1 glibc.
>
> #include <pthread.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <signal.h>
>  #include <string.h>
>  #include <errno.h>
>
> #define MAX_LINE_SIZE 80
>
> #define MAX_THREAD 20
>  #define MAX_POPEN 10
>  #define MALLOC_SIZE 16
>
> void* pipe_thread(void *arg)
>  {
>      int i;
>      char *p = NULL;
>      FILE *fp[MAX_POPEN];
>      char shellCommand[MAX_LINE_SIZE];
>
>     memset(shellCommand, 0x00, MAX_LINE_SIZE);
>      sprintf(shellCommand, "mount");
>      signal(SIGPIPE, SIG_IGN);
>
>     while (1) {
>          for (i = 0; i < MAX_POPEN; ++i) {
>              fp[i] = popen(shellCommand, "r");
>          }
>
>         if (p) {
>              free(p);
>          }
>
>         for (i = 0; i < MAX_POPEN; ++i) {
>              if (fp[i])
>                  pclose(fp[i]);
>          }
>
>         p = malloc(MALLOC_SIZE);
>          if (p)
>              memset(p, 0, MALLOC_SIZE);
>      }
>      return NULL;
>  }
>
> int main(int argc, char *argv[])
>  {
>      int i;
>      pthread_t tid;
>
>     for (i = 0; i < MAX_THREAD; ++i) {
>          pthread_create(&tid, NULL, &pipe_thread, (void*)NULL);
>      }
>      sleep(60);
>  }
>
> gdb logs:
>  (gdb) bt
>  #0  0x4014f998 in _IO_new_fclose (fp=0x1) at iofclose.c:74
>  #1  0x4015b59c in fwide (fp=0xb8, mode=<optimized out>) at fwide.c:47
>  #2  0x00008a6c in ?? ()
>  Cannot access memory at address 0x8
>  #3  0x00008a6c in ?? ()
>  Cannot access memory at address 0x8
>  Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Yesturday I have been able to fix this issue with below patch, now
 this problem no longer occurs.
 But still my interest is 1> Why this patch fixes the problem ? 2> What
 change between 2.11.1 and 2.14.1 caused this problem
 -------------------------------------------------------------------------------
 diff --git a/libio/iopopen.c b/libio/iopopen.c
 index 1a5cc0f..888a57f 100644
 --- a/libio/iopopen.c
 +++ b/libio/iopopen.c
 @@ -299,6 +299,7 @@ _IO_new_popen (command, mode)
    new_f = (struct locked_FILE *) malloc (sizeof (struct locked_FILE));
    if (new_f == NULL)
      return NULL;
 +  memset(new_f, 0, sizeof (struct locked_FILE));
  #ifdef _IO_MTSAFE_IO
    new_f->fpx.file.file._lock = &new_f->lock;
  #endif


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]