apr-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47843] New: Non-threadsafe use of memory pool by apr_thread_pool_create() and thread_pool_func()
Date Tue, 15 Sep 2009 17:42:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47843

           Summary: Non-threadsafe use of memory pool by
                    apr_thread_pool_create() and thread_pool_func()
           Product: APR
           Version: HEAD
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: APR-util
        AssignedTo: bugs@apr.apache.org
        ReportedBy: akorobka@fxcm.com


When creating a thread pool apr_thread_pool_create() calls apr_thread_create()
without acquiring the corresponding thread pool mutex.

while (init_threads) {
        rv = apr_thread_create(&t, NULL, thread_pool_func, *me, (*me)->pool);
        ...   
}

apr_thread_create() proceeds to allocate and initialize its internal objects
from the pool before spawning a thread,

    (*new) = (apr_thread_t *)apr_pcalloc(pool, sizeof(apr_thread_t));
    ...
    (*new)->td = (pthread_t *)apr_pcalloc(pool, sizeof(pthread_t));
    ...
    (*new)->data = data;
    (*new)->func = func;
    ...
    stat = apr_pool_create(&(*new)->pool, pool);
    ...
    if ((stat = pthread_create((*new)->td, temp, dummy_worker, (*new))) == 0) {
    ...

The new thread starts in dummy_worker(), which passes control to the
thread_pool_func(). The latter acquires the thread pool mutex and allocates
apr_thread_list_elt object from the same memory pool. If
apr_thread_pool_create() needs to start more than one initial thread, the
memory pool may end up being used concurrently by two threads, one executing
apr_thread_create() and another executing thread_pool_func(). This may result
in data corruption as APR memory pools are not thread-safe.

Proposed fix - hold thread pool mutex around the call to apr_thread_create() in
apr_thread_pool_create().

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org


Mime
View raw message