After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 305913 - [PATCH] hash.c functions not protected again multi-threading issues
[PATCH] hash.c functions not protected again multi-threading issues
Status: RESOLVED FIXED
Product: libxslt
Classification: Platform
Component: general
git master
Other All
: High critical
: ---
Assigned To: Daniel Veillard
libxml QA maintainers
Depends on:
Blocks:
 
 
Reported: 2005-05-30 10:59 UTC by Michel Reverbel
Modified: 2009-08-14 07:05 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
Patched hash.c, 1.30 with mutexes (26.65 KB, patch)
2005-06-02 07:49 UTC, Michel Reverbel 		rejected Details | Review

Description Michel Reverbel 2005-05-30 10:59:29 UTC 
Steps to reproduce:
1. Write a function that loads an XSLT Stylesheet
2. Call this function from 2 threads concurrently
3. Both threads will call at some point xmlHashUpdateEntry3 with the same
parameters (see stack) which will try to xmlFree() the same bloc.


Stack trace:
xsltFreeExtElement (ext=0x059af718)
xmlHashUpdateEntry3 (table=0x01962d08, name="document",
name2="http://www.jclark.com/xt", name3=NULL, ...)
xmlHashUpdateEntry2 (...)
xsltRegisterExtModuleElement (name="document", URI="http://www.jclark.com/xt",...)
xsltRegisterAllExtras ()
xsltInit ()
xsltNewStylesheet ()
xsltParseStylesheetImportedDoc ()
xsltParseStylesheetDoc ()
xsltParseStylesheetFile (...)



Other information:
As far as I can see, the xmlHashTable structures managed by hash.c are not
protected in case of concurrent access by several threads. This is the case of
the hash table used by libxslt for example (crash case, the static table
xsltElementsHash) but I think that it is a general problem.

In this specific case, both threads want to set the same slot (name="document",
name2 = "http://www.jclark.com/xt"), which results in freeing twice the content
of this slot if the thread switching occurs during xmlFree.

However I think that the hash table structures should be protected with a mutex
(xmlRMutex for example ?) during the execution of most the functions of hash.c
because any concurrent access to the same hash table could corrupt this table.
Comment 1 Michel Reverbel 2005-06-02 07:49:30 UTC 
Created attachment 47125 [details] [review]
Patched hash.c, 1.30 with mutexes

I made this patch to fix the bug quickly as it was blocking for me, I tested it
only in the context of my project (mostly SAX and XSLT processing in
multithreaded environment).
Comment 2 D. Sundstrom 2005-08-03 22:26:11 UTC 
Isn't it the caller's responsibility to synchronize access to the hash?
Comment 3 Daniel Veillard 2005-08-03 22:45:09 UTC 
In general libxml2 and libxslt garantee that there is no concurent modification,
I'm surprized it happened in their context.
 I didn't want to apply the patch without first making  a check about the speed
impact of it, so this has been pending.

Daniel
Comment 4 Daniel Veillard 2005-08-23 15:45:34 UTC 
The real bug is that in libxslt/extensions.c xsltElementsHash is a global
variable which is shared between transformations. Its access should then be
synchronized using a libxml2 xmlMutex . It's a bug, but I think making hash
table concurrent is the wrong way to fix this.

  I will look at this,

Daniel
Comment 5 Daniel Veillard 2009-08-14 07:05:32 UTC 
Okay I finally fixed the libxslt reentrancy problem around the global
variables used in extensions. I think this fixes the issue found here.

Daniel