[Bug 878280] [NEW] pthread_key_create() gives zero as its first key

William M. Leiserson 878280 at bugs.launchpad.net
Wed Oct 19 15:33:48 UTC 2011


Public bug reported:

pthread_key_create() takes an address to a pthread_key_t and sets the
key to what I presume is an index into an array.  However, since keys
tend to be global variables, they are automatically initialized to zero.
Therefore, accessing thread-local storage with a key that was never
passed to pthread_key_create() has the potential of clobbering data.  A
trivial fix would make the first key to be returned = 1, instead of 0.
The zeroth element of the array should point to uninitialized memory so
that trying to access a TLS entry based on a non-created key will cause
a segfault.

Implementing the fix will make it easier for programmers to debug their
code, and will limit the number of libraries that get shipped that
inadvertently clobber user data.  This bug was uncovered when a customer
tried to use Cilk and jemalloc together.  jemalloc wrote TLS data based
on a key it had never created and ended up clobbering data in libcilkrts
(eventually leading to a segfault).  The jemalloc bug has been reported
to their developers.

This is a bug in the glibc implementation, upstream, no doubt.  But the
GNU team encourages users to report bugs to their distributions, first.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: libc6 2.13-0ubuntu13
ProcVersionSignature: Ubuntu 2.6.38-11.50-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
NonfreeKernelModules: sep3_4 pax nvidia
Architecture: amd64
Date: Wed Oct 19 11:12:55 2011
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: eglibc
UpgradeStatus: Upgraded to natty on 2011-05-03 (168 days ago)

** Affects: eglibc (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug natty pthread running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/878280

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/878280/+subscriptions