https://bugzilla.novell.com/show_bug.cgi?id=463301 Summary: Race condition in the glibc function vfprintf() Product: openSUSE 11.1 Version: Final Platform: x86-64 OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bart.vanassche@gmail.com QAContact: qa@suse.de Found By: Community User Apparently calling printf() from more than one thread triggers a race condition on _IO_2_1_stdout_.file._mode. This race is triggered by line 1270 of file vfprintf.c, which contains the following statement: "ORIENT;". This statement tests some bits in _IO_2_1_stdout_.file._mode and takes a decision. Later on vfprintf() calls _IO_flockfile(). This is a race condition because other threads may change these bits after vfprintf() tested these bits and before vfprintf() calls _IO_flockfile(). I discovered this issue through verifying a multithreaded program with DRD (a data race detection tool). The first error message printed by DRD for a program that calls printf() from more than one thread is as follows: $ svn info . URL: svn://svn.valgrind.org/valgrind/branches/DRDDEV .. Revision: 8895 .. $ ./vg-in-place --var-info=yes --tool=drd drd/tests/circular_buffer .. ==9097== Thread 3: ==9097== Conflicting load by thread 3/3 at 0x0539d840 size 4 ==9097== at 0x508D460: vfprintf (vfprintf.c:1270) ==9097== by 0x5097599: printf (printf.c:35) ==9097== by 0x400D99: buffer_send (circular_buffer.c:105) ==9097== by 0x400E08: producer (circular_buffer.c:124) ==9097== by 0x4C2A047: vg_thread_wrapper (drd_pthread_intercepts.c:184) ==9097== by 0x4E3506F: start_thread (pthread_create.c:297) ==9097== by 0x511D0EC: clone (clone.S:112) ==9097== Location 0x539d840 is 0 bytes inside _IO_2_1_stdout_.file._mode, ==9097== a global variable declared at stdfiles.c:70 .. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.