[cups-devel] [UNKN] STR #4410: Segmentation fault in __nptl_deallocate_tsd caused by dlclose before thead data freed

Sandro Mani noreply at cups.org
Sat May 3 04:41:39 PDT 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

What follows has been verified on Fedora (F20, rawhide) and Ubuntu (12.04 -
14.04).

cups_globals_init() (through _cupsGlobals ()) in cups/globals.c registers
thread data with destructor cups_globals_free. If the cups shared object is
dlclosed before the thread ends, __nptl_deallocate_tsd will attempt to call
the destructor which is not a valid address anymore, and causes the
application to crash.

To reproduce, make sure libsane-hpaio is installed and run the follwing
sample program:

- --------------------------------------------------------
g++ -g -std=c++11 -o test test.cpp $(pkg-config --cflags --libs
sane-backends)
- --------------------------------------------------------
#include <cassert>
#include <iostream>
#include <thread>
#include <sane/sane.h>

void scan_thread() {
    SANE_Status status;

    status = sane_init(nullptr, nullptr);
    assert(status == SANE_STATUS_GOOD);

    const SANE_Device** device_list = nullptr;
    status = sane_get_devices(&device_list, false);
    assert(status == SANE_STATUS_GOOD);

    for(int i = 0; device_list[i] != nullptr; ++i){
        std::cout << device_list[i]->name << std::endl;
    }

    sane_exit();
}

int main() {
    std::thread t(scan_thread);
    t.join();
    return 0;
}
- --------------------------------------------------------

See also https://bugzilla.redhat.com/show_bug.cgi?id=1065695


The attached patch fixes the issue, though likely not very portable.

Link: https://www.cups.org/str.php?L4410
Version: 1.7-current
Attachment: https://www.cups.org/strfiles.php/3318/cups_free-dlclose.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJTZNXzAAoJENujp6sI12IjHVIP+wc9p+HjZqKvF65a+zmIoTPq
8J+TFg7sjM3dIUH+j0cDd4B/lhVe8tFVgoMhz4bXp2Nw7j5jDTnGHmyYVackkUgj
/e1jsRp6Z/DSrmW7Mb0xi1Bk4hBCv5oLpKD0KLKzXTlMaQG1b0oPqg67nFAHA0P4
/f5uskf87nmp/y8PStLrIHx73jktfQJmKo2R/FA6OWdCXBCSAJLW8xtdfDiHIXSM
MCCdKkwtQ7fZTJ/Vyh/3iCFBaWyrDKJILdfaRbc0kFwdKRZ3bjvJGH9rdQM3WlSU
C/wH4R4KbKziQnfRDrpKmMuxCZC5V8YU26x1HCY5I94pBvHulMX118XDhKO36XX6
aIg6VNPL//bePURO0+G3hhSTHUaytpJmKtKnFdvsQsZuoe8NR5vOoc2XfGn50tVQ
zBQfH6KpxoxPxfqGAiqkNGCbWMs1JhUbWN+DtD1lZPEPldg5RZeXq6sGO7U6AQtm
YYYolVM6X/ryHjArcXryxV1nR+d2MbIcC0SD41HE5/F/HmVNGkFFrBEjaDu6+Eeo
KRi21s34Hln84xoaS85Npr5tNkkYfRvl/o4lUNJczFT5jAPPnq91urSI62zDYC/S
81J6afBkiJyT3luQjSPUYReg54p6O/wIT4k/wX3+s9TLVCL+Hi6DAVdTykWj3Tky
437sZJRqJzP1uRjgbRrI
=SYNl
-----END PGP SIGNATURE-----

More information about the cups-devel mailing list