Bug 1027101 - Race condition using ATOMIC_FASTBINS.
Summary: Race condition using ATOMIC_FASTBINS.
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: glibc
Version: 6.4
Hardware: x86_64
OS: Linux
Target Milestone: rc
Assignee: Carlos O'Donell
QA Contact: Arjun Shankar
Duplicates: 985329 1320423
Depends On:
Blocks: 994246 1023566 1056252 1070830 1091162
Reported: 2013-11-06 07:20 UTC by Divya
Modified: 2018-12-09 17:16 UTC

Fixed In Version: glibc-2.12-1.137.el6
Doc Type: Bug Fix
Doc Text:
Certain code paths used by the C library's memory allocator "fastbins" feature, enabled by default (mallopt option M_MXFAST set to non-zero), were not thread-safe. When the non-safe code paths executed, they could cause corruption in the allocator that would lead to a program segfault. The thread-unsafe code paths have been made thread-safe and should no longer cause application segfaults.
Clone Of:
Last Closed: 2014-10-14 04:42:12 UTC
Target Upstream Version:

Attachments
Reproducer program (1.72 KB, text/x-c++src)
2013-11-06 07:20 UTC, Divya

| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Red Hat Bugzilla | 1305406 | 0 | urgent | CLOSED | invalid fastbin entry (free), missing glibc patch | 2021-02-22 00:41:40 UTC |
| Red Hat Bugzilla | 1320423 | 1 | None | None | None | 2021-01-20 06:05:38 UTC |
| Red Hat Knowledge Base (Solution) | 360093 | 0 | None | None | None | Never |
| Red Hat Knowledge Base (Solution) | 653643 | 0 | None | None | None | Never |
| Red Hat Product Errata | RHSA-2014:1391 | 0 | normal | SHIPPED_LIVE | Moderate: glibc security, bug fix, and enhancement update | 2014-10-14 01:11:04 UTC |
| Sourceware | 15073 | 0 | P2 | RESOLVED | Race condition using ATOMIC_FASTBINS in _int_free causes crash or heap corruption | 2020-10-02 00:01:15 UTC |

Internal Links: 1305406 1320423

Description Divya 2013-11-06 07:20:23 UTC
Created attachment 820228
Reproducer program

Description of problem:
Attached reproducer seems to have a random issue of heap corruption.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Compile and run the attached reproducer script under valgrind

Actual results:
data race condition and write conflicts

Expected results:
Should run without encountering race conditions

Additional info:
Upstream bugzilla for the same is reported at https://sourceware.org/bugzilla/show_bug.cgi?id=15073

Comment 1 RHEL Program Management 2013-11-10 09:15:41 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 28 Tomas Heinrich 2014-03-18 10:37:36 UTC
*** Bug 985329 has been marked as a duplicate of this bug. ***

Comment 48 errata-xmlrpc 2014-10-14 04:42:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Comment 49 Brad Hubbard 2015-08-17 21:06:23 UTC
Making this bug public.

Comment 50 Florian Weimer 2016-03-31 07:13:37 UTC
*** Bug 1320423 has been marked as a duplicate of this bug. ***
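
A version check built on the Fixed In Version field above (glibc-2.12-1.137.el6), as an added example that is not part of the bug report or Red Hat's tooling. The function names, the field-by-field comparison (a simplification of RPM's own version ordering) and the sample package strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a glibc package string against the fixed build
# named in this bug. Not Red Hat tooling; comparison logic is a simplification.
FIXED_VR="2.12-1.137.el6"   # "Fixed In Version" on this page, minus the name

# Compare two version-release strings field by field (split on . _ -).
# Prints lt, eq or gt. Numeric fields compare as integers, others as text.
vr_cmp() {
    left=$(printf '%s' "$1" | tr '._-' '   ')
    right=$(printf '%s' "$2" | tr '._-' '   ')
    set -- $left
    for r in $right; do
        if [ $# -eq 0 ]; then echo lt; return 0; fi
        l=$1; shift
        case "$l$r" in
            *[!0-9]*)  # at least one non-numeric field: text comparison
                if [ "$l" = "$r" ]; then continue; fi
                if expr "x$l" \< "x$r" >/dev/null; then echo lt; else echo gt; fi
                return 0 ;;
        esac
        if [ "$l" -lt "$r" ]; then echo lt; return 0; fi
        if [ "$l" -gt "$r" ]; then echo gt; return 0; fi
    done
    if [ $# -gt 0 ]; then echo gt; else echo eq; fi
}

# Classify an `rpm -q glibc` style string as fixed, affected or n/a.
# n/a = not a RHEL 6 glibc build, so this bug's fixed version does not apply.
classify_glibc() {
    case "$1" in glibc-[0-9]*) ;; *) echo n/a; return 0 ;; esac
    vr=${1#glibc-}
    case "$vr" in *.x86_64|*.i686|*.ppc64|*.s390x|*.noarch) vr=${vr%.*} ;; esac
    case "$vr" in *.el6|*.el6_*) ;; *) echo n/a; return 0 ;; esac
    if [ "$(vr_cmp "$vr" "$FIXED_VR")" = lt ]; then echo affected; else echo fixed; fi
}

# Constructed sample inputs; on a real host pass each line of `rpm -q glibc`.
for pkg in glibc-2.12-1.100.el6.x86_64 glibc-2.12-1.137.el6.x86_64 \
           glibc-2.12-1.200.el6_9.1.i686 glibc-2.17-55.el7.x86_64; do
    printf '%-36s %s\n' "$pkg" "$(classify_glibc "$pkg")"
done
```

A fixed package on disk only protects processes started after the update; long-running services keep the old libc mapped until they are restarted.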
