Bug 1069079

Summary: crash when linking libgnutls and libmysqlclient
Product: [Fedora] Fedora
Reporter: Ken Dreyer <ktdreyer>
Component: trousers
Assignee: Steve Grubb <sgrubb>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: ejratl, hagberg, jorton, mschmidt, nmavrogi, sgrubb, tmraz, volker27, xjakub
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-03-18 21:00:00 UTC
Type: Bug
Bug Blocks: 1064300
Attachments: Proposed fix (flags: none)

Description Ken Dreyer 2014-02-24 05:56:43 UTC
Description of problem:
A trivial program that links against both libmysqlclient and libgnutls will crash with a segfault.

Version-Release number of selected component (if applicable):
gnutls-devel-3.2.10-2.fc21
1:mariadb-devel-5.5.35-4.fc21

How reproducible:
$ cat test.c
int main ()
{
  return 0;
}

$ gcc -o test -L/usr/lib64/mysql test.c -lmysqlclient -lgnutls

$ ./test
Segmentation fault (core dumped)

backtrace in GDB:

Thread 1 (Thread 0x7ffff7f9f940 (LWP 25172)):
#0  0x00007ffff7301384 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1  0x00007fffe25d9bb4 in host_table_final () from /lib64/libtspi.so.1
#2  0x00007ffff7deb30a in _dl_fini () from /lib64/ld-linux-x86-64.so.2
#3  0x00007ffff0fd28b9 in __run_exit_handlers () from /lib64/libc.so.6
#4  0x00007ffff0fd2905 in exit () from /lib64/libc.so.6
#5  0x00007ffff0fb9e9c in __libc_start_main () from /lib64/libc.so.6
#6  0x0000000000400879 in _start ()


Actual results:
The program segfaults.

Expected results:
The program should exit normally.

Additional info:
I found this because XBMC's build process does something like this:
  gcc -o test -L/usr/lib64/mysql test.c -lmysqlclient -lavfilter
and libavfilter pulls in libgnutls.

Comment 1 Nikos Mavrogiannopoulos 2014-02-24 08:39:00 UTC
The crash is on libtspi (which is used by gnutls). I can reproduce it as:
gcc test.c  -L/usr/lib64/mysql -lmysqlclient -ltspi 

Interestingly enough, if the test is compiled as:
gcc test.c -ltspi  -L/usr/lib64/mysql -lmysqlclient

there is no crash. So the issue seems related to tspi's library destructor conflicting with something in libmysqlclient. As the crash is on the mutex, my guess would be some uninitialized mutex or something like that.

I'm assigning the issue to trousers.

Comment 2 Nikos Mavrogiannopoulos 2014-02-24 08:40:49 UTC
Here is a backtrace with debugging symbols included:

==3836== Invalid read of size 4
==3836==    at 0x3942009FE0: pthread_mutex_lock (pthread_mutex_lock.c:66)
==3836==    by 0x31CFE22BC3: host_table_final (hosttable.c:54)
==3836==    by 0x394140F8E9: _dl_fini (dl-fini.c:252)
==3836==    by 0x39418394C8: __run_exit_handlers (exit.c:82)
==3836==    by 0x3941839514: exit (exit.c:104)
==3836==    by 0x3941821D6B: (below main) (libc-start.c:319)
==3836==  Address 0x18 is not stack'd, malloc'd or (recently) free'd
==3836== 
==3836== 
==3836== Process terminating with default action of signal 11 (SIGSEGV)
==3836==  Access not within mapped region at address 0x18
==3836==    at 0x3942009FE0: pthread_mutex_lock (pthread_mutex_lock.c:66)
==3836==    by 0x31CFE22BC3: host_table_final (hosttable.c:54)
==3836==    by 0x394140F8E9: _dl_fini (dl-fini.c:252)
==3836==    by 0x39418394C8: __run_exit_handlers (exit.c:82)
==3836==    by 0x3941839514: exit (exit.c:104)
==3836==    by 0x3941821D6B: (below main) (libc-start.c:319)

Comment 3 Nikos Mavrogiannopoulos 2014-02-28 11:16:43 UTC
Created attachment 868989
Proposed fix

It seems that the issue is in the name of the constructors/destructors. Both mysqlclient and tspi use the name "my_init", and the one responsible for calling them is probably confused and doesn't call both.

The attached patch marks the tspi's constructor and destructor as static, thus eliminating the issue.
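
The fix described in Comment 3, sketched as an added example (not part of the original comment or the trousers source): the constructor and destructor are static, so their names are not exported and cannot clash with a same-named function in another library. The names host_table, ht_init, ht_fini, ht_teardown and host_table_ready are hypothetical, and the NULL guard in ht_teardown is an extra defensive check beyond what the patch is described as doing.

```c
/* Added example; all names here are hypothetical, not trousers code. */
#include <pthread.h>
#include <stdlib.h>

struct host_table {
    void *entries;            /* placeholder for the real table contents */
    pthread_mutex_t lock;
};

static struct host_table *ht; /* stays NULL until the constructor runs */

/* static: the name is not exported from the shared object, so it cannot
 * clash with a global function of the same name in another library. */
static void __attribute__((constructor)) ht_init(void)
{
    ht = calloc(1, sizeof(*ht));
    if (ht != NULL && pthread_mutex_init(&ht->lock, NULL) != 0) {
        free(ht);
        ht = NULL;
    }
}

/* Returns 0 after a real teardown, -1 if there was nothing to tear down. */
static int ht_teardown(void)
{
    if (ht == NULL)           /* constructor never ran: ht->lock is invalid */
        return -1;
    pthread_mutex_lock(&ht->lock);
    free(ht->entries);
    ht->entries = NULL;
    pthread_mutex_unlock(&ht->lock);
    pthread_mutex_destroy(&ht->lock);
    free(ht);
    ht = NULL;
    return 0;
}

static void __attribute__((destructor)) ht_fini(void)
{
    (void)ht_teardown();
}

static int host_table_ready(void) { return ht != NULL; }

int main(void)
{
    return host_table_ready() ? 0 : 1;
}
```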

Comment 4 Nikos Mavrogiannopoulos 2014-02-28 11:29:47 UTC
Reported upstream as: https://sourceforge.net/p/trousers/bugs/172/

Comment 5 Ken Dreyer 2014-03-14 01:46:12 UTC
Thanks very much Nikos. Would you mind pushing a build to Fedora Rawhide (F21) and Fedora 20 with the patch? This should allow us to build XBMC.

Comment 6 Steve Grubb 2014-03-18 21:00:00 UTC
Patch applied in trousers-0.3.11.2-3.fc21. Thanks for reporting the issue and supplying a patch.

Comment 7 Volker Fröhlich 2014-03-23 16:29:07 UTC
Fedora 20 too, please!

Comment 8 Fedora Update System 2014-03-25 21:07:36 UTC
trousers-0.3.11.2-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/trousers-0.3.11.2-3.fc20

Comment 9 Steve Grubb 2014-03-26 02:58:10 UTC
In reply to comment#7, done.

Comment 10 Fedora Update System 2014-04-04 09:40:15 UTC
trousers-0.3.11.2-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.