This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: random corruption while doing popen pclose
- From: Ajeet Yadav <ajeet dot yadav dot 77 at gmail dot com>
- To: libc-help at sourceware dot org
- Cc: linaro-toolchain at lists dot linaro dot org, Mans Rullgard <mans dot rullgard at linaro dot org>
- Date: Mon, 3 Dec 2012 11:10:20 +0530
- Subject: Re: random corruption while doing popen pclose
- References: <CAB4K4y5kqSuxfnVKreXzF83zJe=Ydyon+pMFv4=+5Mft82193A@mail.gmail.com>
On Mon, Dec 3, 2012 at 11:09 AM, Ajeet Yadav <ajeet.yadav.77@gmail.com> wrote:
> Linux version 3.0.33 (Cortex A15)
> Below program crashes with 2.14.1 glibc but runs fine with 2.11.1 glibc.
>
> #include <pthread.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <signal.h>
> #include <string.h>
> #include <errno.h>
> #include <unistd.h>   /* sleep() */
>
> #define MAX_LINE_SIZE 80
>
> #define MAX_THREAD 20
> #define MAX_POPEN 10
> #define MALLOC_SIZE 16
>
> /* Each thread repeatedly opens MAX_POPEN pipes, closes them again, and
>    interleaves a small malloc/free to exercise the heap. */
> void* pipe_thread(void *arg)
> {
>     int i;
>     char *p = NULL;
>     FILE *fp[MAX_POPEN];
>     char shellCommand[MAX_LINE_SIZE];
>
>     memset(shellCommand, 0x00, MAX_LINE_SIZE);
>     sprintf(shellCommand, "mount");
>     signal(SIGPIPE, SIG_IGN);
>
>     while (1) {
>         for (i = 0; i < MAX_POPEN; ++i) {
>             fp[i] = popen(shellCommand, "r");
>         }
>
>         if (p) {
>             free(p);
>         }
>
>         for (i = 0; i < MAX_POPEN; ++i) {
>             if (fp[i])
>                 pclose(fp[i]);
>         }
>
>         p = malloc(MALLOC_SIZE);
>         if (p)
>             memset(p, 0, MALLOC_SIZE);
>     }
>     return NULL;
> }
>
> int main(int argc, char *argv[])
> {
>     int i;
>     pthread_t tid;
>
>     for (i = 0; i < MAX_THREAD; ++i) {
>         pthread_create(&tid, NULL, &pipe_thread, (void*)NULL);
>     }
>     sleep(60);
>     return 0;
> }
>
> gdb logs:
> (gdb) bt
> #0 0x4014f998 in _IO_new_fclose (fp=0x1) at iofclose.c:74
> #1 0x4015b59c in fwide (fp=0xb8, mode=<optimized out>) at fwide.c:47
> #2 0x00008a6c in ?? ()
> Cannot access memory at address 0x8
> #3 0x00008a6c in ?? ()
> Cannot access memory at address 0x8
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Yesterday I was able to fix this issue with the patch below; now this
problem no longer occurs.
But I am still interested in: 1) Why does this patch fix the problem? 2) What
change between 2.11.1 and 2.14.1 caused this problem?
-------------------------------------------------------------------------------
diff --git a/libio/iopopen.c b/libio/iopopen.c
index 1a5cc0f..888a57f 100644
--- a/libio/iopopen.c
+++ b/libio/iopopen.c
@@ -299,6 +299,7 @@ _IO_new_popen (command, mode)
new_f = (struct locked_FILE *) malloc (sizeof (struct locked_FILE));
if (new_f == NULL)
return NULL;
+ memset(new_f, 0, sizeof (struct locked_FILE));
#ifdef _IO_MTSAFE_IO
new_f->fpx.file.file._lock = &new_f->lock;
#endif
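Review bot: zeroing the whole `struct locked_FILE` after the `malloc` papers over whichever field is being read before it is set, without saying which one; the patch should identify that field and initialize it explicitly in `_IO_new_popen`, since the backtrace above (`_IO_new_fclose (fp=0x1)` reached through `fwide (fp=0xb8)`) is what a stale or uninitialized pointer treated as a `FILE *` looks like, and a blanket `memset` hides rather than answers the question of what changed between 2.11.1 and 2.14.1. If a full zero-fill is really the intended fix, `calloc (1, sizeof (struct locked_FILE))` in place of the `malloc` plus `memset` pair is the idiomatic form; and glibc style puts a space before the parenthesis (`memset (new_f, 0, ...)`), matching the surrounding `malloc (...)` call.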