This is the mail archive of the gcc-help@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Unexpected value-at for NULL'd pointer with pthreads

From: Kyle Harper <kylejharper at gmail dot com>
To: Jonathan Wakely <jwakely dot gcc at gmail dot com>
Cc: "gcc-help at gcc dot gnu dot org" <gcc-help at gcc dot gnu dot org>
Date: Mon, 24 Aug 2015 08:06:02 -0700
Subject: Re: Unexpected value-at for NULL'd pointer with pthreads
Authentication-results: sourceware.org; auth=none
References: <CAPcbWWxx3g9Uk9sn5jgG1GgmxSk1fjy5ybHKuRMzdKN3LJqt2Q at mail dot gmail dot com> <CAH8yC8nSNMGkbLWWcToBX6ZP5ygFFVqjKOmjq_pnvvFmfnxqSA at mail dot gmail dot com> <CAH6eHdSw84L3t9AqUjwGkvEU=4knZJvAod+d72OgusP0F5q0pA at mail dot gmail dot com> <CAPcbWWx-CQpJQvKHdHkObJ4wRv=9idRi1PaJuJ0nScMM7o6E_g at mail dot gmail dot com> <55DAD5B7 dot 90604 at redhat dot com> <CAPcbWWw8jv6kayXL-hZKOVhbMCQGoNNbT3e5j0hvYbPfPqfFBA at mail dot gmail dot com> <55DB2DED dot 20507 at redhat dot com> <CAH6eHdSgmfuia2A3a98nBGC5Gea-NMRQznEni20PgBVVQrONvA at mail dot gmail dot com>

>> I did not see that link in any of your emails.  It doesn't do
>> anything about removing elements from lists.
>
> That's the first time I've seen that link too.
>

Weird.  I must have not Reply-All'd correctly.  Sorry about that.

>>> Compiled with:
>>> gcc -std=gnu99 -pthread -o grr grr.c
>>
>> You're freeing the same buffer twice.  Thus your program crashes.
>

I understand that double-free()ing is a fatal access violate, however
this shouldn't be happening in the first place.  I am using pthread
primitives (mutexes) to guard the critical section wherein I first
free, then set to NULL the pointer that both threads are looking at.
The first thread to reach the critical section should (and does)
free() and NULL, then asserts that *buf == NULL.  The second thread to
reach the critical section should return without performing any action
because of the if(*buf == NULL).... section, but it doesn't.

Pthread mutexes should be guaranteeing proper memory fencing, but that
doesn't appear to be the case.  When thread 1 sets *buf = NULL it
clearly has an effect on what thread 2 sees because thread 2 observes
(*buf)->id as 0 instead of 123 in my example program.

> Any of glibc, valgrind, asan or tsan diagnoses a use-after-free bug in
> that code.

I've been using valgrind (and helgrind) to attempt to see what's going
on but it's still unclear.  It will tell me "Invalid read of size
bla..." but I already know that *buf is being read when it shouldn't
be.  I haven't figured out how to get it to show me how that's
possible.

Follow-Ups:
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Andrew Haley

References:
- Unexpected value-at for NULL'd pointer with pthreads
  - From: Kyle Harper
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Jeffrey Walton
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Jonathan Wakely
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Kyle Harper
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Andrew Haley
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Kyle Harper
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Andrew Haley
- Re: Unexpected value-at for NULL'd pointer with pthreads
  - From: Jonathan Wakely

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]