PR# 13729 Routine `eraise' can get seg fault if error early in process lifetime

Problem Report Summary
Submitter: prestoat2000
Category: Runtime
Priority: Medium
Date: 2007/12/07
Class: Bug
Severity: Serious
Number: 13729
Release: 6.1.71424
Confidential: No
Status: Open
Responsible:
Environment: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8.1.5) Gecko/20070719 Firefox/2.0.0.5 Solaris 10 on x86
Synopsis: Routine `eraise' can get seg fault if error early in process lifetime

Description
Based on code inspection, it looks like `eif_thr_init_root' (for MT
code) calls EIF_TSD_CREATE which for the pthreads case is a call to
`pthread_key_create' which can fail with ENOMEM.  If this call fails,
EIF_TSD_CREATE calls `eraise'.  But eraise calls RT_GET_CONTEXT and
EIF_GET_CONTEXT which will set locals to NULL since the key is
invalid.  It will then try to reference `echmem', which is

   (eif_globals->exdata_cx).ex_nomem

This will cause a seg fault since `eif_globals' is NULL.  Since signal
handlers haven't been set up yet, the process will terminate without
reporting the "could not create key" message.

I know that in some cases you cannot report an error (e.g., if process
exceeds datasize limit before "main" is even called) but there is
nothing you can do about that.  It seems to me that `eraise' should work
correctly early in the process lifetime and in cases where the process
does not have enough memory.
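The failure path above, as an added example that is not the Eiffel runtime's own code: a small C model in which `rt_globals_t`, `rt_get_context`, `eraise_unsafe`, `eraise_hardened` and `init_root` are hypothetical stand-ins for `eif_globals`, `EIF_GET_CONTEXT`, `eraise` and `eif_thr_init_root`. Because `pthread_key_create` cannot be made to fail on demand, `init_root` takes a `simulate_enomem` flag that stands in for the ENOMEM return. The unsafe form dereferences the context unconditionally, which is the crash the report describes; the hardened form checks for a missing context and falls back to a minimal `write(2)` report that needs no runtime state and no allocation.

```c
#include <errno.h>
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for the per-thread runtime globals; the field
 * mirrors the report's (eif_globals->exdata_cx).ex_nomem, not the real layout. */
typedef struct {
    struct { int ex_nomem; } exdata_cx;
} rt_globals_t;

static pthread_key_t rt_key;
static int rt_key_valid = 0;          /* 0 until pthread_key_create succeeded */

/* Model of EIF_GET_CONTEXT: yields NULL when the key was never created. */
rt_globals_t *rt_get_context(void)
{
    return rt_key_valid ? (rt_globals_t *)pthread_getspecific(rt_key) : NULL;
}

/* Which path eraise took, so a caller (or test) can observe it. */
enum eraise_path { ERAISE_FULL = 1, ERAISE_FALLBACK = 2 };

/* Last message emitted by the fallback path, kept for inspection. */
static char fallback_msg[128];

/* The reported defect, modelled: dereferences the context without checking.
 * Calling this before init_root succeeded faults on a NULL context, exactly
 * the situation the report describes (so it is never called below). */
int eraise_unsafe(int code)
{
    rt_get_context()->exdata_cx.ex_nomem = code;
    return ERAISE_FULL;
}

/* Hardened form: with no context there is no exception machinery yet, so
 * report through write(2) (async-signal-safe, no malloc) and return; a real
 * runtime would then abort() instead of continuing. */
int eraise_hardened(const char *msg, int code)
{
    rt_globals_t *g = rt_get_context();
    if (g == NULL) {
        snprintf(fallback_msg, sizeof fallback_msg, "eraise(%d): %s", code, msg);
        (void)write(STDERR_FILENO, fallback_msg, strlen(fallback_msg));
        (void)write(STDERR_FILENO, "\n", 1);
        return ERAISE_FALLBACK;
    }
    g->exdata_cx.ex_nomem = code;     /* normal path: record in the context */
    return ERAISE_FULL;
}

/* Model of eif_thr_init_root. Returns 0 on success; otherwise the eraise
 * path that handled the failure. `simulate_enomem` stands in for
 * pthread_key_create returning ENOMEM (constructed failure, not forced). */
int init_root(int simulate_enomem)
{
    int rc = simulate_enomem ? ENOMEM : pthread_key_create(&rt_key, NULL);
    if (rc != 0)
        return eraise_hardened("could not create key", rc);
    rt_key_valid = 1;

    rt_globals_t *g = calloc(1, sizeof *g);
    if (g == NULL || pthread_setspecific(rt_key, g) != 0)
        return eraise_hardened("could not allocate root context", ENOMEM);
    return 0;
}

int main(void)
{
    /* Early failure: no context exists, yet the error is still reported. */
    int early = init_root(1);
    printf("early failure handled via path %d\n", early);

    /* Normal start-up, then a later error goes through the full path. */
    int ok = init_root(0);
    int late = eraise_hardened("late error", 7);
    printf("init=%d, late error path %d, recorded code %d\n",
           ok, late, rt_get_context()->exdata_cx.ex_nomem);
    return 0;
}
```

The point of the split is that the fallback path depends on nothing the failed initialisation was supposed to provide: no thread-specific data, no heap, no installed signal handler, so the "could not create key" message survives even when the process is already out of memory.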

To Reproduce

Problem Report Interactions