From nobody@FreeBSD.ORG Fri May 14 14:22:27 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 65D4415095; Fri, 14 May 1999 14:22:27 -0700 (PDT)
Message-Id: <19990514212227.65D4415095@hub.freebsd.org>
Date: Fri, 14 May 1999 14:22:27 -0700 (PDT)
From: rse@engelschall.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: memory leak and/or crash in uthread's destructor-calling function
X-Send-Pr-Version: www-1.0

>Number:         11713
>Category:       i386
>Synopsis:       memory leak and/or crash in uthread's destructor-calling function
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    nate
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 14 14:30:01 PDT 1999
>Closed-Date:    Fri May 14 18:34:57 PDT 1999
>Last-Modified:  Fri May 14 18:35:37 PDT 1999
>Originator:     Ralf S. Engelschall
>Release:        3.1
>Organization:
Cable & Wireless ECRC 
>Environment:
FreeBSD en1.engelschall.com 3.1-RELEASE FreeBSD 3.1-RELEASE #4: Sun Feb 28 18:55:02 CET 1999     rse@en1.engelschall.com:/usr/src/sys/compile/EN1  i386
>Description:
The uthread constructor-calling function _thread_cleanupspecific
in /usr/src/lib/libc_r/uthread/uthread_spec.c does
the final free too late. The override with NULL has
to occur after the free and not before.
>How-To-Repeat:
I've seen this by poking around in the sources
and not by using the stuff. But I guess a memory leak or
even a crash could occur because of the free(NULL)
when pthread_key_create() was used in an application.
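Added illustration, not code from libc_r or from the submitter: a minimal model of the per-thread key table that the cleanup function tears down, with the reported ordering and the corrected ordering side by side. The allocator is instrumented so the leak is observable; `struct thread_model`, `tracked_malloc`/`tracked_free` and the two `cleanup_specific_*` functions are hypothetical names chosen for this example. Because `free(NULL)` is a defined no-op in C, the buggy ordering does not crash; it silently drops the block.

```c
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the thread structure: only the field the
 * cleanup routine touches is modelled. */
struct thread_model {
    void **specific_data;   /* array of per-key values, one slot per key */
};

/* Instrumented allocator so a test can observe whether the block was
 * actually released. */
static int live_blocks = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        live_blocks++;
    return p;
}

static void tracked_free(void *p)
{
    /* Mirrors the standard: freeing NULL releases nothing. */
    if (p != NULL) {
        live_blocks--;
        free(p);
    }
}

/* Allocate a table of `keys` slots, as a pthread_key_create() user would. */
struct thread_model *thread_model_new(size_t keys)
{
    struct thread_model *t = malloc(sizeof *t);
    if (t == NULL)
        return NULL;
    t->specific_data = tracked_malloc(keys * sizeof *t->specific_data);
    return t;
}

/* The ordering reported in the PR: the pointer is cleared first, so the
 * subsequent free sees NULL and the table is never released. */
void cleanup_specific_buggy(struct thread_model *t)
{
    t->specific_data = NULL;
    tracked_free(t->specific_data);
}

/* The corrected ordering from the patch: release the table, then clear
 * the now-dangling pointer so later code cannot reuse it. */
void cleanup_specific_fixed(struct thread_model *t)
{
    tracked_free(t->specific_data);
    t->specific_data = NULL;
}

/* Run one cleanup on a fresh table and report how many tracked blocks
 * remain live afterwards: 1 means leaked, 0 means released. */
int blocks_left_after(void (*cleanup)(struct thread_model *))
{
    struct thread_model *t;
    int left;

    live_blocks = 0;
    t = thread_model_new(4);
    if (t == NULL)
        return -1;
    cleanup(t);
    left = live_blocks;
    free(t);
    return left;
}

int main(void)
{
    printf("buggy ordering leaves %d block(s) live\n",
           blocks_left_after(cleanup_specific_buggy));
    printf("fixed ordering leaves %d block(s) live\n",
           blocks_left_after(cleanup_specific_fixed));
    return 0;
}
```

The same counting-allocator trick (or a leak checker such as valgrind on a real libc_r program) is how to confirm the effect of the patch: the buggy order reports one outstanding block per cleanup, the fixed order reports none.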
>Fix:
--- uthread_spec.c.orig Fri May 14 23:14:53 1999
+++ uthread_spec.c      Fri May 14 23:15:32 1999
@@ -124,8 +124,8 @@
                        }
                }
        }
-       _thread_run->specific_data = NULL;
        free(_thread_run->specific_data);
+       _thread_run->specific_data = NULL;
 }
 
 static inline const void **
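Review bot: with `_thread_run->specific_data = NULL;` placed before the `free()`, the call is `free(NULL)`, which the C standard defines as a no-op, so the table is never released and leaks on every thread teardown rather than crashing; moving the assignment after `free()` releases the block and then clears the now-dangling pointer, which is the correct order. The commit message should describe this as a leak fix, since the "crash" in the synopsis cannot arise from `free(NULL)` itself.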


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->suspended 
State-Changed-By: nate 
State-Changed-When: Fri May 14 14:36:50 PDT 1999 
State-Changed-Why:  
Fix applied to -current, will be merged into -stable if jdk OK's it. 


Responsible-Changed-From-To: freebsd-bugs->nate 
Responsible-Changed-By: nate 
Responsible-Changed-When: Fri May 14 14:36:50 PDT 1999 
Responsible-Changed-Why:  
I applied the fix. 
State-Changed-From-To: suspended->closed 
State-Changed-By: nate 
State-Changed-When: Fri May 14 18:34:57 PDT 1999 
State-Changed-Why:  
Fix applied to 3.2-stable.  I'm sorry, but I was too late to get it into 3.2R. 
>Unformatted:
