From james@targetnet.com  Thu May 11 10:04:21 2000
Return-Path: <james@targetnet.com>
Received: from mail.targetnet.com (mail.targetnet.com [207.245.246.3])
	by hub.freebsd.org (Postfix) with ESMTP id F3D4537BB60
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 11 May 2000 10:04:19 -0700 (PDT)
	(envelope-from james@targetnet.com)
Received: from james by mail.targetnet.com with local (Exim 3.02 #1)
	id 12pwNn-0000Bl-00
	for FreeBSD-gnats-submit@freebsd.org; Thu, 11 May 2000 13:04:19 -0400
Message-Id: <E12pwNn-0000Bl-00@mail.targetnet.com>
Date: Thu, 11 May 2000 13:04:19 -0400
From: James FitzGibbon <james@targetnet.com>
Reply-To: james@targetnet.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: Memory leak in uthread_set_name_np
X-Send-Pr-Version: 3.2

>Number:         18504
>Category:       misc
>Synopsis:       pthread_set_name_np leaks memory
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jasone
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 11 10:10:00 PDT 2000
>Closed-Date:    Mon Jul 17 11:41:15 PDT 2000
>Last-Modified:  Mon Jul 17 11:48:06 PDT 2000
>Originator:     James FitzGibbon
>Release:        FreeBSD 3.2-RELEASE i386 (but still present in -current)
>Organization:
Targetnet.com Inc.
>Environment:

Any pthread program using the non-portable pthread_set_name_np function
(defined in /usr/include/pthread_private.h)

>Description:

struct pthread contains a member variable "char *name", which is used to
store the name of the thread.  pthread_set_name_np is used to set this
member variable.  There are several problems:

- pthread_create does not set the member to a known valid state (NULL)
- pthread_set_name_np does not check if the member is NULL before assigning
  the return value of strdup to it.
- the garbage collector thread (lib/libc_r/uthread/uthread_gc.c) does not
  free the memory used by the member, if any.

>How-To-Repeat:

Call pthread_set_name_np multiple times.  The program will leak as many
bytes as are passed to pthread_set_name_np.
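The leak described above, modelled as an added example (not libc_r code): a stand-in struct with a `name` member, the leaky setter beside a corrected one that frees the previous string, and a stand-in for the gc thread, with allocations counted so the leak is measurable. `model_thread`, `leaked_after` and the counting wrappers are constructed for this example.

```c
/* Added example, not libc_r code: models the "char *name" member of
 * struct pthread, the leaky pthread_set_name_np and a fixed variant.
 * strdup/free are wrapped so that leaked strings can be counted. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

struct model_thread {          /* stands in for struct pthread */
    char *name;
};
static int live_allocs;        /* strdup calls minus free calls */

static char *counted_strdup(const char *s) {
    char *p = strdup(s);
    if (p != NULL) live_allocs++;
    return p;
}
static void counted_free(char *p) {
    if (p != NULL) { live_allocs--; free(p); }
}

/* Leaky: overwrites the pointer without freeing the previous string,
 * exactly the behaviour the PR reports. */
static void set_name_leaky(struct model_thread *t, const char *name) {
    if (t != NULL)
        t->name = counted_strdup(name);
}

/* Fixed: free the existing name first; braces keep both statements
 * inside the validity check. free(NULL) would also be a no-op. */
static void set_name_fixed(struct model_thread *t, const char *name) {
    if (t != NULL) {
        counted_free(t->name);
        t->name = counted_strdup(name);
    }
}

/* Stands in for the gc thread reclaiming a finished thread. */
static void gc_thread(struct model_thread *t) {
    counted_free(t->name);
    t->name = NULL;
}

/* Strings still allocated after n renames and reclamation. */
static int leaked_after(int n, void (*setter)(struct model_thread *, const char *)) {
    struct model_thread t = { NULL };   /* name initialised, as the patch does */
    live_allocs = 0;
    for (int i = 0; i < n; i++)
        setter(&t, "worker");
    gc_thread(&t);
    return live_allocs;
}
```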

>Fix:

The following patch addresses the above three issues.

diff -ru /usr/src/lib/libc_r/uthread/uthread_create.c uthread/uthread_create.c
--- /usr/src/lib/libc_r/uthread/uthread_create.c	Thu Mar 23 02:06:40 2000
+++ uthread/uthread_create.c	Thu May 11 12:47:49 2000
@@ -164,6 +164,7 @@
 			new_thread->slice_usec = -1;
 			new_thread->sig_saved = 0;
 			new_thread->stack = stack;
+			new_thread->name = NULL;
 			new_thread->start_routine = start_routine;
 			new_thread->arg = arg;
 
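Review bot: the initialisation is correct, but the NULL test this patch adds to pthread_set_name_np only works if every struct pthread has `name` initialised; any struct pthread that is set up outside this pthread_create code path would need the same `name = NULL` assignment, otherwise the later `free()` acts on an indeterminate pointer.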
diff -ru /usr/src/lib/libc_r/uthread/uthread_gc.c uthread/uthread_gc.c
--- /usr/src/lib/libc_r/uthread/uthread_gc.c	Tue Dec 28 13:13:02 1999
+++ uthread/uthread_gc.c	Thu May 11 12:53:15 2000
@@ -243,6 +243,13 @@
 			free(p_stack);
 		if (pthread_cln != NULL)
 			/*
+			   Free the memory allocated for the thread
+			   name, if any
+			/*
+			if( pthread_cln.name != NULL ) {
+				free(pthread_cln.name);
+			}
+			/*
 			 * Free the memory allocated for the thread
 			 * structure.
 			 */
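Review bot: the added lines in uthread_gc.c do not compile as written. The `+			/*` line after "name, if any" should be `*/`; as it stands the comment opened by the existing `/*` context line runs on over the new `if` block, and the added `/*` before "Free the memory allocated for the thread structure" then opens a nested comment. Second, `pthread_cln` is a pointer (see the `if (pthread_cln != NULL)` context line), so the access must be `pthread_cln->name`, not `pthread_cln.name`. Third, that `if (pthread_cln != NULL)` has no braces, so the new `if` becomes its only body and the free of the thread structure described by the following comment would run unconditionally; wrap both frees in one braced block.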
diff -ru /usr/src/lib/libc_r/uthread/uthread_info.c uthread/uthread_info.c
--- /usr/src/lib/libc_r/uthread/uthread_info.c	Wed Sep 29 11:18:38 1999
+++ uthread/uthread_info.c	Thu May 11 12:48:32 2000
@@ -305,6 +305,10 @@
 {
 	/* Check if the caller has specified a valid thread: */
 	if (thread != NULL && thread->magic == PTHREAD_MAGIC)
+		/* Free the existing name, if any */
+		if( thread->name != NULL ) {
+			free(thread_name);
+		}
 		thread->name = strdup(name);
 	return;
 }
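Review bot: `free(thread_name)` refers to an undeclared identifier and will not compile; it should be `free(thread->name)`. Also, the enclosing `if (thread != NULL && thread->magic == PTHREAD_MAGIC)` has no braces, so after this change only the new inner `if` is guarded and `thread->name = strdup(name);` executes unconditionally, dereferencing a NULL or invalid thread. Put braces around both statements. Minor style point: the surrounding code writes `if (` rather than `if(`.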

The patch is relative to RELENG_4, but should apply to -current as well.

After the standard wait period, a MFC to RELENG_4 (and RELENG_3 if possible)
would be appreciated.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->jasone 
Responsible-Changed-By: jasone 
Responsible-Changed-When: Fri May 12 00:21:11 PDT 2000 
Responsible-Changed-Why:  
Over to maintainer. 

From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>
To: James FitzGibbon <james@targetnet.com>
Cc: FreeBSD-gnats-submit@freebsd.org, jasone@freebsd.org
Subject: Re: misc/18504: Memory leak in uthread_set_name_np
Date: Sat, 13 May 2000 13:50:31 +0200

 Jason, can you please look at this patch?
 
 -On [20000511 20:02], James FitzGibbon (james@targetnet.com) wrote:
 >
 >>Fix:
 >
 >The following patch addresses the above three issues.
 >
 >diff -ru /usr/src/lib/libc_r/uthread/uthread_create.c uthread/uthread_create.c
 >--- /usr/src/lib/libc_r/uthread/uthread_create.c	Thu Mar 23 02:06:40 2000
 >+++ uthread/uthread_create.c	Thu May 11 12:47:49 2000
 >@@ -164,6 +164,7 @@
 > 			new_thread->slice_usec = -1;
 > 			new_thread->sig_saved = 0;
 > 			new_thread->stack = stack;
 >+			new_thread->name = NULL;
 > 			new_thread->start_routine = start_routine;
 > 			new_thread->arg = arg;
 > 
 >diff -ru /usr/src/lib/libc_r/uthread/uthread_gc.c uthread/uthread_gc.c
 >--- /usr/src/lib/libc_r/uthread/uthread_gc.c	Tue Dec 28 13:13:02 1999
 >+++ uthread/uthread_gc.c	Thu May 11 12:53:15 2000
 >@@ -243,6 +243,13 @@
 > 			free(p_stack);
 > 		if (pthread_cln != NULL)
 > 			/*
 >+			   Free the memory allocated for the thread
 >+			   name, if any
 >+			/*
 >+			if( pthread_cln.name != NULL ) {
 >+				free(pthread_cln.name);
 >+			}
 >+			/*
 > 			 * Free the memory allocated for the thread
 > 			 * structure.
 > 			 */
 >diff -ru /usr/src/lib/libc_r/uthread/uthread_info.c uthread/uthread_info.c
 >--- /usr/src/lib/libc_r/uthread/uthread_info.c	Wed Sep 29 11:18:38 1999
 >+++ uthread/uthread_info.c	Thu May 11 12:48:32 2000
 >@@ -305,6 +305,10 @@
 > {
 > 	/* Check if the caller has specified a valid thread: */
 > 	if (thread != NULL && thread->magic == PTHREAD_MAGIC)
 >+		/* Free the existing name, if any */
 >+		if( thread->name != NULL ) {
 >+			free(thread_name);
 >+		}
 > 		thread->name = strdup(name);
 > 	return;
 > }
 >
 >The patch is relative to RELENG_4, but should apply to -current as well.
 
 I don't think this should be a problem.
 
 >After the standard wait period, a MFC to RELENG_4 (and RELENG_3 if possible)
 >would be appreciated.
 
 Of course.
 
 -- 
 Jeroen Ruigrok vd Werven/Asmodai    asmodai@[wxs.nl|bart.nl|freebsd.org]
 Documentation nutter/C-rated Coder BSD: Technical excellence at its best  
 The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
 I could shed another million tears, a million breaths, a million names
 but only one Truth to face...
 

From: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>
To: James FitzGibbon <james@targetnet.com>
Cc: FreeBSD-gnats-submit@freebsd.org, jasone@freebsd.org
Subject: Re: misc/18504: Memory leak in uthread_set_name_np
Date: Sat, 13 May 2000 13:51:56 +0200

 Oh damn.
 
 Just found the reply. =\
 
 Sorry for the duplication.  Nice to see you on the case already. ;)
 
 Mea culpa,
 
 -- 
 Jeroen Ruigrok vd Werven/Asmodai    asmodai@[wxs.nl|bart.nl|freebsd.org]
 Documentation nutter/C-rated Coder BSD: Technical excellence at its best  
 The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
 A rose is a rose is a rose is a rose...
 
State-Changed-From-To: open->feedback 
State-Changed-By: jasone 
State-Changed-When: Tue May 16 15:20:45 PDT 2000 
State-Changed-Why:  
Fix checked into -current.  Waiting to MFC. 
State-Changed-From-To: feedback->closed 
State-Changed-By: jasone 
State-Changed-When: Mon Jul 17 11:41:15 PDT 2000 
State-Changed-Why:  
Patch applied (with minor changes) to HEAD and RELENG_4. 
>Unformatted:
