Public bug reported:

$ cat ops.c
#include <unistd.h>
#include <pthread.h>

void *func(void *nop)
{
  sleep(100);
  return NULL;
}

int main(int argc, char *argv[])
{
  void *ptr;
  pthread_t id;
  pthread_create(&id,NULL,func,NULL);
  pthread_cancel(id);
  pthread_join(id,&ptr);
  return 0;
}

$ cc ops.c -o ops -lpthread -ggdb -Wall

$ valgrind ./ops
==23044== Memcheck, a memory error detector.
==23044== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==23044== Using LibVEX rev 1471, a library for dynamic binary translation.
==23044== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==23044== Using valgrind-3.1.0-Debian, a dynamic binary instrumentation framework.
==23044== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==23044== For more details, rerun with: -v
==23044==
==23044== Invalid read of size 8
==23044==    at 0x4010664: (within /lib/ld-2.3.6.so)
==23044==    by 0x40089BC: (within /lib/ld-2.3.6.so)
==23044==    by 0x4004DF3: (within /lib/ld-2.3.6.so)
==23044==    by 0x4006612: (within /lib/ld-2.3.6.so)
==23044==    by 0x4D2C51B: (within /lib/libc-2.3.6.so)
==23044==    by 0x400B13F: (within /lib/ld-2.3.6.so)
==23044==    by 0x4D2D0C9: _dl_open (in /lib/libc-2.3.6.so)
==23044==    by 0x4D2E627: (within /lib/libc-2.3.6.so)
==23044==    by 0x400B13F: (within /lib/ld-2.3.6.so)
==23044==    by 0x4D2E6D2: __libc_dlopen_mode (in /lib/libc-2.3.6.so)
==23044==    by 0x4B2ABCB: pthread_cancel_init (in /lib/libpthread-2.3.6.so)
==23044==    by 0x4B27867: pthread_cancel (in /lib/libpthread-2.3.6.so)
==23044==  Address 0x566D0F8 is 16 bytes inside a block of size 19 alloc'd
==23044==    at 0x4A19A16: malloc (vg_replace_malloc.c:149)
==23044==    by 0x4006A00: (within /lib/ld-2.3.6.so)
==23044==    by 0x4D2C51B: (within /lib/libc-2.3.6.so)
==23044==    by 0x400B13F: (within /lib/ld-2.3.6.so)
==23044==    by 0x4D2D0C9: _dl_open (in /lib/libc-2.3.6.so)
==23044==    by 0x4D2E627: (within /lib/libc-2.3.6.so)
==23044==    by 0x400B13F: (within /lib/ld-2.3.6.so)
==23044==    by 0x4D2E6D2: __libc_dlopen_mode (in /lib/libc-2.3.6.so)
==23044==    by 0x4B2ABCB: pthread_cancel_init (in /lib/libpthread-2.3.6.so)
==23044==    by 0x4B27867: pthread_cancel (in /lib/libpthread-2.3.6.so)
==23044==    by 0x400624: main (ops.c:15)
==23044==
==23044== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==23044== malloc/free: in use at exit: 1,604 bytes in 6 blocks.
==23044== malloc/free: 6 allocs, 0 frees, 1,604 bytes allocated.
==23044== For counts of detected errors, rerun with: -v
==23044== searching for pointers to 6 not-freed blocks.
==23044== checked 8,567,792 bytes.
==23044==
==23044== LEAK SUMMARY:
==23044==    definitely lost: 0 bytes in 0 blocks.
==23044==      possibly lost: 136 bytes in 1 blocks.
==23044==    still reachable: 1,468 bytes in 5 blocks.
==23044==         suppressed: 0 bytes in 0 blocks.
==23044== Reachable blocks (those to which a pointer was found) are not shown.
==23044== To see them, rerun with: --show-reachable=yes

$ uname -a
Linux ub2006 2.6.15-25-amd64-generic #1 SMP PREEMPT Wed Jun 14 11:28:03 UTC 2006 x86_64 GNU/Linux

$ ls -al /lib/ld-linux-x86-64.so.2
lrwxrwxrwx 1 root root 11 2006-06-02 12:51 /lib/ld-linux-x86-64.so.2 -> ld-2.3.6.so

** Affects: glibc (Ubuntu)
     Importance: Untriaged
         Status: Unconfirmed

--
Memory problems on pthread_cancel()
https://launchpad.net/bugs/50722