GNOME Bugzilla – Bug 564723
libxml2 leads to a crash when dynamically loaded into a multi-threaded application
Last modified: 2012-01-18 15:30:52 UTC
We have a multi-threaded application that loads some plugins dynamically. One of the plugins uses libxml2 for data processing, and often crashes. During investigation, I found that libxml2 causes this crash, as it does not use the pthread library properly: it registers a global variable with pthread_key_create and passes a cleanup procedure for this variable.
But libxml2 doesn't unregister this variable with pthread_key_delete, so when the thread is finished and the library is already unloaded, glibc tries to call the cleanup procedure and crashes with the following backtrace:
Created attachment 124788
Proposed patch to fix this problem
This patch should fix the described problem. At least we don't observe it any more.
Okay, I think I understand and overall agree with the patch, but
you still need to check for pthread_key_delete not being null
(and the key too) before calling it.
I committed that fix.
You need to reset once_control to an uninitialized state:
once_control = PTHREAD_ONCE_INIT;
otherwise xmlGetGlobalState() will not call xmlOnceInit(), which in turn will not allocate a new key with pthread_key_create().
Thus when xmlCleanupParser() is called for the second time, it will delete the old key (from the first call to pthread_key_create()), which by now could potentially be owned by some other code.
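The pattern the comments above describe, written out as an added example that is not libxml2's own code: a thread-specific key created under pthread_once with a destructor, and a cleanup routine that deletes the key only if it exists, frees the caller's own value (pthread_key_delete never runs destructors), and re-arms the once control so a later initialisation creates a fresh key rather than reusing and then deleting a stale one. All names (plugin_state, plugin_get_state, plugin_cleanup, plugin_run_worker and the counters) are hypothetical stand-ins for xmlGlobalState, xmlGetGlobalState and xmlCleanupParser. Re-arming a pthread_once_t by assigning a pristine copy is what libxml2 does on pthread builds; POSIX does not specify it, and it is assumed here to behave as it does on glibc. The worker thread shows the mechanism behind the reported crash: the destructor runs at thread exit, so if the object holding it had been unloaded, that call would land in unmapped memory.

```c
#include <pthread.h>
#include <stdlib.h>
#include <stdio.h>

/* Per-thread state for a hypothetical plugin (stand-in for xmlGlobalState). */
typedef struct {
    int counter;
} plugin_state;

static pthread_key_t state_key;
static int key_valid = 0;            /* 1 while state_key exists */
static int destructor_calls = 0;     /* how often state_destructor ran */
static pthread_once_t once_control = PTHREAD_ONCE_INIT;
/* Pristine copy used to re-arm once_control on cleanup (assumption: works
 * as on glibc). Assigning PTHREAD_ONCE_INIT directly is not portable, since
 * on some platforms it is a brace initializer. */
static const pthread_once_t once_control_init = PTHREAD_ONCE_INIT;

/* Runs at exit of every thread that still holds a value for state_key. */
static void state_destructor(void *p) {
    destructor_calls++;
    free(p);
}

static void once_init(void) {
    if (pthread_key_create(&state_key, state_destructor) == 0)
        key_valid = 1;
}

/* Stand-in for xmlGetGlobalState(): create the key once, then the calling
 * thread's value on first use. Returns NULL if key creation failed. */
plugin_state *plugin_get_state(void) {
    plugin_state *s;
    pthread_once(&once_control, once_init);
    if (!key_valid)
        return NULL;
    s = pthread_getspecific(state_key);
    if (s == NULL) {
        s = calloc(1, sizeof *s);
        if (s != NULL && pthread_setspecific(state_key, s) != 0) {
            free(s);
            s = NULL;
        }
    }
    return s;
}

/* Stand-in for the fixed xmlCleanupParser() path.
 * Returns 1 if a key was deleted, 0 if there was nothing to clean up. */
int plugin_cleanup(void) {
    plugin_state *s;
    if (!key_valid)                      /* never delete a key we do not own */
        return 0;
    s = pthread_getspecific(state_key);  /* destructors do not run on delete */
    if (s != NULL) {
        pthread_setspecific(state_key, NULL);
        free(s);
    }
    pthread_key_delete(state_key);
    key_valid = 0;
    once_control = once_control_init;    /* the reset the comment asks for */
    return 1;
}

int plugin_key_is_valid(void) {
    return key_valid;
}

int plugin_destructor_calls(void) {
    return destructor_calls;
}

static void *worker(void *arg) {
    plugin_state *s = plugin_get_state();
    if (s != NULL)
        s->counter = (int)(long)arg;
    return NULL;                         /* thread exit runs state_destructor */
}

/* Start one short-lived thread that touches the state and wait for it.
 * Returns 0 on success, -1 on error. */
int plugin_run_worker(void) {
    pthread_t t;
    if (pthread_create(&t, NULL, worker, (void *)1L) != 0)
        return -1;
    return pthread_join(t, NULL) == 0 ? 0 : -1;
}

int main(void) {
    plugin_get_state();
    plugin_run_worker();
    printf("destructor calls after worker exit: %d\n", plugin_destructor_calls());
    printf("cleanup: %d, key valid afterwards: %d\n",
           plugin_cleanup(), plugin_key_is_valid());
    printf("re-init: %s\n", plugin_get_state() != NULL ? "new key" : "failed");
    return 0;
}
```

The second plugin_cleanup() call in the test returns 0 rather than deleting anything, which is the null-check the maintainer asked for; the plugin_get_state() call after cleanup succeeds only because once_control was re-armed, which is the second reviewer's point.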
This bug showed up for me at work.